################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2025-09-13 10:02:25 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.5.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623215/; classtype:trojan-activity;sid:84486315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623214/; classtype:trojan-activity;sid:84486314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623213/; classtype:trojan-activity;sid:84486313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623212/; classtype:trojan-activity;sid:84486312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.9.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623211/; classtype:trojan-activity;sid:84486311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.234.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623210/; classtype:trojan-activity;sid:84486310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.47.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623209/; classtype:trojan-activity;sid:84486309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623208/; classtype:trojan-activity;sid:84486308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623207/; classtype:trojan-activity;sid:84486307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623206/; classtype:trojan-activity;sid:84486306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623205/; classtype:trojan-activity;sid:84486305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.71.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623203/; classtype:trojan-activity;sid:84486303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623202/; classtype:trojan-activity;sid:84486302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623201)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623201/; classtype:trojan-activity;sid:84486301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623200/; classtype:trojan-activity;sid:84486300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623197/; classtype:trojan-activity;sid:84486297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623198/; classtype:trojan-activity;sid:84486298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623199/; classtype:trojan-activity;sid:84486299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.81.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623191/; classtype:trojan-activity;sid:84486291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623192/; classtype:trojan-activity;sid:84486292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623193/; classtype:trojan-activity;sid:84486293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623194/; classtype:trojan-activity;sid:84486294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623195/; classtype:trojan-activity;sid:84486295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623196/; classtype:trojan-activity;sid:84486296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623190)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623190/; classtype:trojan-activity;sid:84486290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.118.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623189/; classtype:trojan-activity;sid:84486289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.240.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623188/; classtype:trojan-activity;sid:84486288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623178/; classtype:trojan-activity;sid:84486278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.140.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623179/; classtype:trojan-activity;sid:84486279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623180/; classtype:trojan-activity;sid:84486280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623181/; classtype:trojan-activity;sid:84486281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623182/; classtype:trojan-activity;sid:84486282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623183/; classtype:trojan-activity;sid:84486283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623184)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623184/; classtype:trojan-activity;sid:84486284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623185)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623185/; classtype:trojan-activity;sid:84486285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623186)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623186/; classtype:trojan-activity;sid:84486286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623187/; classtype:trojan-activity;sid:84486287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623177)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.114.41.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623177/; classtype:trojan-activity;sid:84486277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.121.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623176/; classtype:trojan-activity;sid:84486276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.65.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623175/; classtype:trojan-activity;sid:84486275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623174/; classtype:trojan-activity;sid:84486274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623173/; classtype:trojan-activity;sid:84486273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.45.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623172/; classtype:trojan-activity;sid:84486272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.45.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623171/; classtype:trojan-activity;sid:84486271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623170/; classtype:trojan-activity;sid:84486270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.178.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623169/; classtype:trojan-activity;sid:84486269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.140.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623167/; classtype:trojan-activity;sid:84486267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.213.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623166/; classtype:trojan-activity;sid:84486266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.232.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623165/; classtype:trojan-activity;sid:84486265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.169.214.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623163/; classtype:trojan-activity;sid:84486263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623162/; classtype:trojan-activity;sid:84486262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623160)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623160/; classtype:trojan-activity;sid:84486260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623161/; classtype:trojan-activity;sid:84486261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623159)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623159/; classtype:trojan-activity;sid:84486259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623156)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623156/; classtype:trojan-activity;sid:84486256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623157)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623157/; classtype:trojan-activity;sid:84486257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623154)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623154/; classtype:trojan-activity;sid:84486254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623155)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623155/; classtype:trojan-activity;sid:84486255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623152)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623152/; classtype:trojan-activity;sid:84486252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623153)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623153/; classtype:trojan-activity;sid:84486253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623150)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623150/; classtype:trojan-activity;sid:84486250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623151)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"117.30.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623151/; classtype:trojan-activity;sid:84486251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.16.186.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623149/; classtype:trojan-activity;sid:84486249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.183.177.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623148/; classtype:trojan-activity;sid:84486248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623143)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623143/; classtype:trojan-activity;sid:84486243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623144)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623144/; classtype:trojan-activity;sid:84486244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623145)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623145/; classtype:trojan-activity;sid:84486245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623146)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623146/; classtype:trojan-activity;sid:84486246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623147)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623147/; classtype:trojan-activity;sid:84486247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.78.65.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623142/; classtype:trojan-activity;sid:84486242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623138/; classtype:trojan-activity;sid:84486238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.108.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623137/; classtype:trojan-activity;sid:84486237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623136)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.189.5.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623136/; classtype:trojan-activity;sid:84486236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623135)"; flow:established,from_client; content:"GET"; http_method; content:"/30frxxbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623135/; classtype:trojan-activity;sid:84486235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623134)"; flow:established,from_client; content:"GET"; http_method; content:"/skygodhee1/spoofer-hwid-game/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623134/; classtype:trojan-activity;sid:84486234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623132)"; flow:established,from_client; content:"GET"; http_method; content:"/skygodhee1/spoofer-hwid-game/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623132/; classtype:trojan-activity;sid:84486232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623133)"; flow:established,from_client; content:"GET"; http_method; content:"/skygodhee1/spoofer-hwid-game/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623133/; classtype:trojan-activity;sid:84486233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623130)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.221.29.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623130/; classtype:trojan-activity;sid:84486230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.169.214.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623129/; classtype:trojan-activity;sid:84486229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.183.177.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623127/; classtype:trojan-activity;sid:84486227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623125)"; flow:established,from_client; content:"GET"; http_method; content:"/8tw2fcqh4u.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hv.bi0ic.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623125/; classtype:trojan-activity;sid:84486225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623119/; classtype:trojan-activity;sid:84486219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.84.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623118/; classtype:trojan-activity;sid:84486218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.231.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623117/; classtype:trojan-activity;sid:84486217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.127.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623116/; classtype:trojan-activity;sid:84486216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623115)"; flow:established,from_client; content:"GET"; http_method; content:"/cilcawjocx86fcg.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623115/; classtype:trojan-activity;sid:84486215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623113)"; flow:established,from_client; content:"GET"; http_method; content:"/4bwrmys3gck6h1f.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623113/; classtype:trojan-activity;sid:84486213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623112)"; flow:established,from_client; content:"GET"; http_method; content:"/goodfriday.vbs"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.174.212.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623112/; classtype:trojan-activity;sid:84486212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623111)"; flow:established,from_client; content:"GET"; http_method; content:"/firm_shawl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.86.90.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623111/; classtype:trojan-activity;sid:84486211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623107)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.erlang"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623107/; classtype:trojan-activity;sid:84486207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623106)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.mipsle"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623106/; classtype:trojan-activity;sid:84486206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623105)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.386"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623105/; classtype:trojan-activity;sid:84486205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623100)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.armv6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623100/; classtype:trojan-activity;sid:84486200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623101)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.mips64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623101/; classtype:trojan-activity;sid:84486201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623102)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.armv5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623102/; classtype:trojan-activity;sid:84486202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623103)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623103/; classtype:trojan-activity;sid:84486203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623104)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.mips64le"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623104/; classtype:trojan-activity;sid:84486204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623097)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.armv7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623097/; classtype:trojan-activity;sid:84486197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623099)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers/int_driver.arm64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"92.246.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623099/; classtype:trojan-activity;sid:84486199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623082/; classtype:trojan-activity;sid:84486182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623081)"; flow:established,from_client; content:"GET"; http_method; content:"/sh8js8tft6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hv.bi0ic.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623081/; classtype:trojan-activity;sid:84486181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623078)"; flow:established,from_client; content:"GET"; http_method; content:"/daidaivn/hwid-spoofer-github/releases/download/spoofer-latest/spoofer-github.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623078/; classtype:trojan-activity;sid:84486178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623072)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623072/; classtype:trojan-activity;sid:84486172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623073)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623073/; classtype:trojan-activity;sid:84486173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623071)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623071/; classtype:trojan-activity;sid:84486171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623070)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623070/; classtype:trojan-activity;sid:84486170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623066)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623066/; classtype:trojan-activity;sid:84486166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623067)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623067/; classtype:trojan-activity;sid:84486167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623068)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623068/; classtype:trojan-activity;sid:84486168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623069)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623069/; classtype:trojan-activity;sid:84486169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623064)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623064/; classtype:trojan-activity;sid:84486164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623065)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623065/; classtype:trojan-activity;sid:84486165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623062)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2020%20video%20sabinas%20moese/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623062/; classtype:trojan-activity;sid:84486162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623063)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.28.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623063/; classtype:trojan-activity;sid:84486163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623061)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.119.204.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623061/; classtype:trojan-activity;sid:84486161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.182.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623060/; classtype:trojan-activity;sid:84486160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623059/; classtype:trojan-activity;sid:84486159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623058)"; flow:established,from_client; content:"GET"; http_method; content:"/hhh.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"182.92.96.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623058/; classtype:trojan-activity;sid:84486158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623057)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmyth.s.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"182.92.96.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623057/; classtype:trojan-activity;sid:84486157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623056/; classtype:trojan-activity;sid:84486156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623055)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.222.151.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623055/; classtype:trojan-activity;sid:84486155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.84.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623054/; classtype:trojan-activity;sid:84486154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623052/; classtype:trojan-activity;sid:84486152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623051/; classtype:trojan-activity;sid:84486151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623047/; classtype:trojan-activity;sid:84486147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623043)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623043/; classtype:trojan-activity;sid:84486143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623040)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623040/; classtype:trojan-activity;sid:84486140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623041)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623041/; classtype:trojan-activity;sid:84486141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623042)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623042/; classtype:trojan-activity;sid:84486142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623032/; classtype:trojan-activity;sid:84486132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623033)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623033/; classtype:trojan-activity;sid:84486133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623034)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623034/; classtype:trojan-activity;sid:84486134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623035)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623035/; classtype:trojan-activity;sid:84486135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623036)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623036/; classtype:trojan-activity;sid:84486136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623037)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623037/; classtype:trojan-activity;sid:84486137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623038)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623038/; classtype:trojan-activity;sid:84486138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623039)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623039/; classtype:trojan-activity;sid:84486139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623031)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.39.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623031/; classtype:trojan-activity;sid:84486131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.97.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623030/; classtype:trojan-activity;sid:84486130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623029/; classtype:trojan-activity;sid:84486129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.9.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623028/; classtype:trojan-activity;sid:84486128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623027/; classtype:trojan-activity;sid:84486127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623026/; classtype:trojan-activity;sid:84486126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623024/; classtype:trojan-activity;sid:84486124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.247.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623023/; classtype:trojan-activity;sid:84486123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623022/; classtype:trojan-activity;sid:84486122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.170.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623021/; classtype:trojan-activity;sid:84486121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623016/; classtype:trojan-activity;sid:84486116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623014/; classtype:trojan-activity;sid:84486114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.234.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623013/; classtype:trojan-activity;sid:84486113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.52.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623012/; classtype:trojan-activity;sid:84486112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623011)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623011/; classtype:trojan-activity;sid:84486111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623010)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1312043415/mg6dkty.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623010/; classtype:trojan-activity;sid:84486110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.170.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623009/; classtype:trojan-activity;sid:84486109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.209.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623007/; classtype:trojan-activity;sid:84486107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.131.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623005/; classtype:trojan-activity;sid:84486105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.145.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623004/; classtype:trojan-activity;sid:84486104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623003/; classtype:trojan-activity;sid:84486103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622999/; classtype:trojan-activity;sid:84486099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622998)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"4revergreen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622998/; classtype:trojan-activity;sid:84486098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.187.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622993/; classtype:trojan-activity;sid:84486093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622990/; classtype:trojan-activity;sid:84486090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.122.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622991/; classtype:trojan-activity;sid:84486091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.140.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622987/; classtype:trojan-activity;sid:84486087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622988/; classtype:trojan-activity;sid:84486088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.189.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622986/; classtype:trojan-activity;sid:84486086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.57.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622985/; classtype:trojan-activity;sid:84486085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.213.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622983/; classtype:trojan-activity;sid:84486083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622982/; classtype:trojan-activity;sid:84486082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.159.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622978/; classtype:trojan-activity;sid:84486078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.57.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622977/; classtype:trojan-activity;sid:84486077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622976/; classtype:trojan-activity;sid:84486076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.100.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622975/; classtype:trojan-activity;sid:84486075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.159.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622974/; classtype:trojan-activity;sid:84486074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.159.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622973/; classtype:trojan-activity;sid:84486073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.1.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622972/; classtype:trojan-activity;sid:84486072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622971/; classtype:trojan-activity;sid:84486071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.151.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622969/; classtype:trojan-activity;sid:84486069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622968/; classtype:trojan-activity;sid:84486068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622967/; classtype:trojan-activity;sid:84486067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.100.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622966/; classtype:trojan-activity;sid:84486066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.151.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622965/; classtype:trojan-activity;sid:84486065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622964/; classtype:trojan-activity;sid:84486064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.70.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622963/; classtype:trojan-activity;sid:84486063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.199.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622962/; classtype:trojan-activity;sid:84486062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.100.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622961/; classtype:trojan-activity;sid:84486061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622960/; classtype:trojan-activity;sid:84486060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.182.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622956/; classtype:trojan-activity;sid:84486056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.44.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622955/; classtype:trojan-activity;sid:84486055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.241.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622954/; classtype:trojan-activity;sid:84486054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.67.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622953/; classtype:trojan-activity;sid:84486053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622952/; classtype:trojan-activity;sid:84486052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.150.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622948/; classtype:trojan-activity;sid:84486048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.44.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622947/; classtype:trojan-activity;sid:84486047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622946/; classtype:trojan-activity;sid:84486046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622944/; classtype:trojan-activity;sid:84486044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.70.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3622943/; classtype:trojan-activity;sid:84486043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622942/; classtype:trojan-activity;sid:84486042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.150.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622941/; classtype:trojan-activity;sid:84486041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622940/; classtype:trojan-activity;sid:84486040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.133.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622939/; classtype:trojan-activity;sid:84486039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622922/; classtype:trojan-activity;sid:84486022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622923/; classtype:trojan-activity;sid:84486023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622924/; classtype:trojan-activity;sid:84486024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622925/; classtype:trojan-activity;sid:84486025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622926/; classtype:trojan-activity;sid:84486026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622927/; classtype:trojan-activity;sid:84486027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622928/; classtype:trojan-activity;sid:84486028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622929)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622929/; classtype:trojan-activity;sid:84486029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622930)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622930/; classtype:trojan-activity;sid:84486030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622931)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622931/; classtype:trojan-activity;sid:84486031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622932/; classtype:trojan-activity;sid:84486032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622933)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622933/; classtype:trojan-activity;sid:84486033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622934)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622934/; classtype:trojan-activity;sid:84486034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622935)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622935/; classtype:trojan-activity;sid:84486035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622936)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622936/; classtype:trojan-activity;sid:84486036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622937/; classtype:trojan-activity;sid:84486037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622938/; classtype:trojan-activity;sid:84486038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622921)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622921/; classtype:trojan-activity;sid:84486021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622918/; classtype:trojan-activity;sid:84486018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622919)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622919/; classtype:trojan-activity;sid:84486019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622920)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622920/; classtype:trojan-activity;sid:84486020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622917)"; flow:established,from_client; content:"GET"; http_method; content:"/hvho0t18ib.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.fe1it.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622917/; classtype:trojan-activity;sid:84486017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622916)"; flow:established,from_client; content:"GET"; http_method; content:"/by.check|3f|t=gdz85h31"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"or.ciqe8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622916/; classtype:trojan-activity;sid:84486016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622915)"; flow:established,from_client; content:"GET"; http_method; content:"/ofzqjizdeo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.fe1it.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622915/; classtype:trojan-activity;sid:84486015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622914/; classtype:trojan-activity;sid:84486014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622913/; classtype:trojan-activity;sid:84486013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622912/; classtype:trojan-activity;sid:84486012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622911/; classtype:trojan-activity;sid:84486011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.49.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622909/; classtype:trojan-activity;sid:84486009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.144.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622910/; classtype:trojan-activity;sid:84486010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622908)"; flow:established,from_client; content:"GET"; http_method; content:"/t67jv3bw9y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.fe1it.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622908/; classtype:trojan-activity;sid:84486008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622907)"; flow:established,from_client; content:"GET"; http_method; content:"/be.google|3f|t=boxz3oa4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"on.ciqe8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622907/; classtype:trojan-activity;sid:84486007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622906)"; flow:established,from_client; content:"GET"; http_method; content:"/hye7zhw1if.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.fe1it.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622906/; classtype:trojan-activity;sid:84486006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622905/; classtype:trojan-activity;sid:84486005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.144.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622904/; classtype:trojan-activity;sid:84486004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622903/; classtype:trojan-activity;sid:84486003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.20.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622902/; classtype:trojan-activity;sid:84486002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622901/; classtype:trojan-activity;sid:84486001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.2.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622900/; classtype:trojan-activity;sid:84486000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622899/; classtype:trojan-activity;sid:84485999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622898)"; flow:established,from_client; content:"GET"; http_method; content:"/cy8md4rfli.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622898/; classtype:trojan-activity;sid:84485998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622897)"; flow:established,from_client; content:"GET"; http_method; content:"/5xasmnpu3e.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622897/; classtype:trojan-activity;sid:84485997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622896)"; flow:established,from_client; content:"GET"; http_method; content:"/as.check|3f|t=g1qh2i1p"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"of.buno8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622896/; classtype:trojan-activity;sid:84485996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.68.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622895/; classtype:trojan-activity;sid:84485995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.66.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622894/; classtype:trojan-activity;sid:84485994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.2.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622893/; classtype:trojan-activity;sid:84485993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622892/; classtype:trojan-activity;sid:84485992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622891/; classtype:trojan-activity;sid:84485991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.33.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622890/; classtype:trojan-activity;sid:84485990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622889/; classtype:trojan-activity;sid:84485989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622888/; classtype:trojan-activity;sid:84485988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.33.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622887/; classtype:trojan-activity;sid:84485987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.202.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622886/; classtype:trojan-activity;sid:84485986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.193.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622885/; classtype:trojan-activity;sid:84485985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622884/; classtype:trojan-activity;sid:84485984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.8.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622883/; classtype:trojan-activity;sid:84485983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.16.59.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622882/; classtype:trojan-activity;sid:84485982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.112.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622881/; classtype:trojan-activity;sid:84485981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.166.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622880/; classtype:trojan-activity;sid:84485980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.159.244.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622879/; classtype:trojan-activity;sid:84485979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622878)"; flow:established,from_client; content:"GET"; http_method; content:"/wl7xnd1r4z.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622878/; classtype:trojan-activity;sid:84485978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622877)"; flow:established,from_client; content:"GET"; http_method; content:"/dermiiwvgd.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622877/; classtype:trojan-activity;sid:84485977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622876)"; flow:established,from_client; content:"GET"; http_method; content:"/an.google|3f|t=luev5mkc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"no.buno8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622876/; classtype:trojan-activity;sid:84485976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622875/; classtype:trojan-activity;sid:84485975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.53.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622874/; classtype:trojan-activity;sid:84485974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.228.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622872/; classtype:trojan-activity;sid:84485972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.210.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622873/; classtype:trojan-activity;sid:84485973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622871/; classtype:trojan-activity;sid:84485971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622870/; classtype:trojan-activity;sid:84485970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622869/; classtype:trojan-activity;sid:84485969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.153.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622868/; classtype:trojan-activity;sid:84485968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.112.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622866/; classtype:trojan-activity;sid:84485966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.246.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622867/; classtype:trojan-activity;sid:84485967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622863/; classtype:trojan-activity;sid:84485963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.140.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622864/; classtype:trojan-activity;sid:84485964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622865/; classtype:trojan-activity;sid:84485965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622861/; classtype:trojan-activity;sid:84485961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.151.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622862/; classtype:trojan-activity;sid:84485962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.232.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622860/; classtype:trojan-activity;sid:84485960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.193.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622859/; classtype:trojan-activity;sid:84485959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622858/; classtype:trojan-activity;sid:84485958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.167.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622857/; classtype:trojan-activity;sid:84485957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622856/; classtype:trojan-activity;sid:84485956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622855/; classtype:trojan-activity;sid:84485955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622854/; classtype:trojan-activity;sid:84485954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.119.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622853/; classtype:trojan-activity;sid:84485953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622852/; classtype:trojan-activity;sid:84485952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622851/; classtype:trojan-activity;sid:84485951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622850)"; flow:established,from_client; content:"GET"; http_method; content:"/hp7jc8fg4s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622850/; classtype:trojan-activity;sid:84485950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622848)"; flow:established,from_client; content:"GET"; http_method; content:"/2dc065f62ee8774c2517bf4c4d2c1211"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"md.cykugeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622848/; classtype:trojan-activity;sid:84485948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622849)"; flow:established,from_client; content:"GET"; http_method; content:"/we.check|3f|t=uwznwzpm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me.buno8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622849/; classtype:trojan-activity;sid:84485949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622847)"; flow:established,from_client; content:"GET"; http_method; content:"/0jdecoznxo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622847/; classtype:trojan-activity;sid:84485947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622846/; classtype:trojan-activity;sid:84485946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622845/; classtype:trojan-activity;sid:84485945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622844/; classtype:trojan-activity;sid:84485944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622843/; classtype:trojan-activity;sid:84485943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.95.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622842/; classtype:trojan-activity;sid:84485942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.116.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622841/; classtype:trojan-activity;sid:84485941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622840/; classtype:trojan-activity;sid:84485940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.95.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622839/; classtype:trojan-activity;sid:84485939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.82.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622838/; classtype:trojan-activity;sid:84485938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.64.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622837/; classtype:trojan-activity;sid:84485937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.238.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622836/; classtype:trojan-activity;sid:84485936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.154.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622835/; classtype:trojan-activity;sid:84485935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.44.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622834/; classtype:trojan-activity;sid:84485934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.252.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622832/; classtype:trojan-activity;sid:84485932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.64.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622833/; classtype:trojan-activity;sid:84485933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.171.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622831/; classtype:trojan-activity;sid:84485931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.82.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622830/; classtype:trojan-activity;sid:84485930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.44.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622829/; classtype:trojan-activity;sid:84485929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622827)"; flow:established,from_client; content:"GET"; http_method; content:"/xeky7a4dws.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622827/; classtype:trojan-activity;sid:84485927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622828)"; flow:established,from_client; content:"GET"; http_method; content:"/nus6ynb88t.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622828/; classtype:trojan-activity;sid:84485928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622826)"; flow:established,from_client; content:"GET"; http_method; content:"/so.google|3f|t=dfmz9gdz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it.buno8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622826/; classtype:trojan-activity;sid:84485926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622825/; classtype:trojan-activity;sid:84485925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622824/; classtype:trojan-activity;sid:84485924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.162.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622823/; classtype:trojan-activity;sid:84485923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622822/; classtype:trojan-activity;sid:84485922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622821/; classtype:trojan-activity;sid:84485921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.169.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622820/; classtype:trojan-activity;sid:84485920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622819/; classtype:trojan-activity;sid:84485919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.138.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622818/; classtype:trojan-activity;sid:84485918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.138.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622817/; classtype:trojan-activity;sid:84485917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.64.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622816/; classtype:trojan-activity;sid:84485916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622815)"; flow:established,from_client; content:"GET"; http_method; content:"/0b5xytebpm.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622815/; classtype:trojan-activity;sid:84485915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622814)"; flow:established,from_client; content:"GET"; http_method; content:"/7jxderwyw4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622814/; classtype:trojan-activity;sid:84485914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622813)"; flow:established,from_client; content:"GET"; http_method; content:"/or.check|3f|t=3ehwi9al"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"is.buno8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622813/; classtype:trojan-activity;sid:84485913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.204.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622812/; classtype:trojan-activity;sid:84485912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622811)"; flow:established,from_client; content:"GET"; http_method; content:"/it.google|3f|t=pwp2deab"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"in.boku-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622811/; classtype:trojan-activity;sid:84485911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622810)"; flow:established,from_client; content:"GET"; http_method; content:"/qok5aqzizi.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622810/; classtype:trojan-activity;sid:84485910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622809)"; flow:established,from_client; content:"GET"; http_method; content:"/ssrnmwl2h0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.ty1un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622809/; classtype:trojan-activity;sid:84485909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622808/; classtype:trojan-activity;sid:84485908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622807/; classtype:trojan-activity;sid:84485907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622806/; classtype:trojan-activity;sid:84485906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.255.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622805/; classtype:trojan-activity;sid:84485905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.65.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622804/; classtype:trojan-activity;sid:84485904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622803/; classtype:trojan-activity;sid:84485903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622802)"; flow:established,from_client; content:"GET"; http_method; content:"/dpvhdd88wh.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622802/; classtype:trojan-activity;sid:84485902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622801)"; flow:established,from_client; content:"GET"; http_method; content:"/1rbvroleww.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622801/; classtype:trojan-activity;sid:84485901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622800)"; flow:established,from_client; content:"GET"; http_method; content:"/am.check|3f|t=lwbcwxvc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"if.boku-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622800/; classtype:trojan-activity;sid:84485900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622799/; classtype:trojan-activity;sid:84485899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622798)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.178.47.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622798/; classtype:trojan-activity;sid:84485898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.101.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622797/; classtype:trojan-activity;sid:84485897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.165.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622796/; classtype:trojan-activity;sid:84485896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622795)"; flow:established,from_client; content:"GET"; http_method; content:"/c/rzn.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"poppy.monster"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622795/; classtype:trojan-activity;sid:84485895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622794)"; flow:established,from_client; content:"GET"; http_method; content:"/signalanal.lzh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud-fiber.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622794/; classtype:trojan-activity;sid:84485894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.101.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622792/; classtype:trojan-activity;sid:84485892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.189.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622793/; classtype:trojan-activity;sid:84485893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622791)"; flow:established,from_client; content:"GET"; http_method; content:"/111.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minepulse.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622791/; classtype:trojan-activity;sid:84485891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/kg7re22.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622790/; classtype:trojan-activity;sid:84485890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.15.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622789/; classtype:trojan-activity;sid:84485889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622788)"; flow:established,from_client; content:"GET"; http_method; content:"/wba4ybxpkz.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622788/; classtype:trojan-activity;sid:84485888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622787)"; flow:established,from_client; content:"GET"; http_method; content:"/is.google|3f|t=r8z5g1zu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"he.boku-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622787/; classtype:trojan-activity;sid:84485887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622786)"; flow:established,from_client; content:"GET"; http_method; content:"/i3qp0225wc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622786/; classtype:trojan-activity;sid:84485886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.113.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622785/; classtype:trojan-activity;sid:84485885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622784)"; flow:established,from_client; content:"GET"; http_method; content:"/tiin6h32k0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622784/; classtype:trojan-activity;sid:84485884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622783)"; flow:established,from_client; content:"GET"; http_method; content:"/no.check|3f|t=mdq10tqi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"go.boku-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622783/; classtype:trojan-activity;sid:84485883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622782)"; flow:established,from_client; content:"GET"; http_method; content:"/w3o2clqtxg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622782/; classtype:trojan-activity;sid:84485882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.189.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622781/; classtype:trojan-activity;sid:84485881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622780/; classtype:trojan-activity;sid:84485880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622779)"; flow:established,from_client; content:"GET"; http_method; content:"/qskba601p7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622779/; classtype:trojan-activity;sid:84485879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622778)"; flow:established,from_client; content:"GET"; http_method; content:"/up.google|3f|t=b20sster"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"do.boku-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622778/; classtype:trojan-activity;sid:84485878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622777)"; flow:established,from_client; content:"GET"; http_method; content:"/ww6viyjgja.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622777/; classtype:trojan-activity;sid:84485877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.162.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622776/; classtype:trojan-activity;sid:84485876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.113.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622775/; classtype:trojan-activity;sid:84485875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.69.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622774/; classtype:trojan-activity;sid:84485874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.165.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622773/; classtype:trojan-activity;sid:84485873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622772)"; flow:established,from_client; content:"GET"; http_method; content:"/6qmkhgu845.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622772/; classtype:trojan-activity;sid:84485872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622771)"; flow:established,from_client; content:"GET"; http_method; content:"/00q6y97omm.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622771/; classtype:trojan-activity;sid:84485871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622770)"; flow:established,from_client; content:"GET"; http_method; content:"/at.check|3f|t=vxsmyxqn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"by.boku0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622770/; classtype:trojan-activity;sid:84485870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622769/; classtype:trojan-activity;sid:84485869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622768/; classtype:trojan-activity;sid:84485868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622767/; classtype:trojan-activity;sid:84485867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.169.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622766/; classtype:trojan-activity;sid:84485866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622765)"; flow:established,from_client; content:"GET"; http_method; content:"/ss5wqmhzah.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622765/; classtype:trojan-activity;sid:84485865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622764)"; flow:established,from_client; content:"GET"; http_method; content:"/nbzd08i35z.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622764/; classtype:trojan-activity;sid:84485864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622763)"; flow:established,from_client; content:"GET"; http_method; content:"/of.google|3f|t=budm053w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"be.boku0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622763/; classtype:trojan-activity;sid:84485863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622762/; classtype:trojan-activity;sid:84485862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622761)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/b/bosskay_encoded.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.61.150.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622761/; classtype:trojan-activity;sid:84485861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622760)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/r/roccee_encoded.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.61.150.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622760/; classtype:trojan-activity;sid:84485860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622758)"; flow:established,from_client; content:"GET"; http_method; content:"/ping.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloud-fiber.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622758/; classtype:trojan-activity;sid:84485858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622757/; classtype:trojan-activity;sid:84485857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622756)"; flow:established,from_client; content:"GET"; http_method; content:"/in.check|3f|t=8kk1mc2q"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"at.boku0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622756/; classtype:trojan-activity;sid:84485856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622755)"; flow:established,from_client; content:"GET"; http_method; content:"/71h9srsa0h.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622755/; classtype:trojan-activity;sid:84485855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622753)"; flow:established,from_client; content:"GET"; http_method; content:"/lwwn0cz45dyxahs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622753/; classtype:trojan-activity;sid:84485853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622754)"; flow:established,from_client; content:"GET"; http_method; content:"/aygl42g34j.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622754/; classtype:trojan-activity;sid:84485854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622752)"; flow:established,from_client; content:"GET"; http_method; content:"/shimcomthurs.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622752/; classtype:trojan-activity;sid:84485852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622751/; classtype:trojan-activity;sid:84485851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.220.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622750/; classtype:trojan-activity;sid:84485850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.157.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622749/; classtype:trojan-activity;sid:84485849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.252.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622748/; classtype:trojan-activity;sid:84485848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.99.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622747/; classtype:trojan-activity;sid:84485847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622746/; classtype:trojan-activity;sid:84485846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.252.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622745/; classtype:trojan-activity;sid:84485845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.252.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622744/; classtype:trojan-activity;sid:84485844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.49.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622743/; classtype:trojan-activity;sid:84485843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622741/; classtype:trojan-activity;sid:84485841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622742/; classtype:trojan-activity;sid:84485842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622740)"; flow:established,from_client; content:"GET"; http_method; content:"/0vjhj5dnwpthvfs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622740/; classtype:trojan-activity;sid:84485840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.149.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622739/; classtype:trojan-activity;sid:84485839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622738/; classtype:trojan-activity;sid:84485838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622736/; classtype:trojan-activity;sid:84485836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.28.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622737/; classtype:trojan-activity;sid:84485837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622735)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622735/; classtype:trojan-activity;sid:84485835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622734)"; flow:established,from_client; content:"GET"; http_method; content:"/hgx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622734/; classtype:trojan-activity;sid:84485834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622733)"; flow:established,from_client; content:"GET"; http_method; content:"/shimfriday.vbs"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622733/; classtype:trojan-activity;sid:84485833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.224.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622732/; classtype:trojan-activity;sid:84485832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622731)"; flow:established,from_client; content:"GET"; http_method; content:"/to.google|3f|t=ds3dfcnz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"as.boku0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622731/; classtype:trojan-activity;sid:84485831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622729)"; flow:established,from_client; content:"GET"; http_method; content:"/0qp7k1d6d9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622729/; classtype:trojan-activity;sid:84485829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622730)"; flow:established,from_client; content:"GET"; http_method; content:"/nh429o82fj.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wo.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622730/; classtype:trojan-activity;sid:84485830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622728)"; flow:established,from_client; content:"GET"; http_method; content:"/133/goodwithbestfeelingsitsgivenmebestbentirefeelingsgoodfomrebest.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622728/; classtype:trojan-activity;sid:84485828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622727/; classtype:trojan-activity;sid:84485827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622726)"; flow:established,from_client; content:"GET"; http_method; content:"/y9lu4dw2vh.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622726/; classtype:trojan-activity;sid:84485826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622725)"; flow:established,from_client; content:"GET"; http_method; content:"/jksqqi2x5d.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622725/; classtype:trojan-activity;sid:84485825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622724)"; flow:established,from_client; content:"GET"; http_method; content:"/on.check|3f|t=q7uj2an6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"an.boku0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622724/; classtype:trojan-activity;sid:84485824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622723/; classtype:trojan-activity;sid:84485823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622722)"; flow:established,from_client; content:"GET"; http_method; content:"/4v968fzkwo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622722/; classtype:trojan-activity;sid:84485822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622721)"; flow:established,from_client; content:"GET"; http_method; content:"/sb1vjxptp1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622721/; classtype:trojan-activity;sid:84485821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622720)"; flow:established,from_client; content:"GET"; http_method; content:"/pgni.google|3f|t=iw6dznk9"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"l.bi3ux.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622720/; classtype:trojan-activity;sid:84485820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622719)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250911035523.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.54.102.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622719/; classtype:trojan-activity;sid:84485819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622718)"; flow:established,from_client; content:"GET"; http_method; content:"/0s7r99da23.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622718/; classtype:trojan-activity;sid:84485818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622717/; classtype:trojan-activity;sid:84485817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622716)"; flow:established,from_client; content:"GET"; http_method; content:"/ehbnmomcea.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kj.by3iq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622716/; classtype:trojan-activity;sid:84485816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622715)"; flow:established,from_client; content:"GET"; http_method; content:"/em.check|3f|t=qpbkosd3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zpa.bi3ux.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622715/; classtype:trojan-activity;sid:84485815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622714/; classtype:trojan-activity;sid:84485814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622712/; classtype:trojan-activity;sid:84485812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622713)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622713/; classtype:trojan-activity;sid:84485813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622710)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622710/; classtype:trojan-activity;sid:84485810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622711)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622711/; classtype:trojan-activity;sid:84485811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622701)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622701/; classtype:trojan-activity;sid:84485801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622702)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622702/; classtype:trojan-activity;sid:84485802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622703)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622703/; classtype:trojan-activity;sid:84485803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622704)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622704/; classtype:trojan-activity;sid:84485804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622705)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622705/; classtype:trojan-activity;sid:84485805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622706)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622706/; classtype:trojan-activity;sid:84485806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622707)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622707/; classtype:trojan-activity;sid:84485807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622708)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622708/; classtype:trojan-activity;sid:84485808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622709)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622709/; classtype:trojan-activity;sid:84485809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622698)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622698/; classtype:trojan-activity;sid:84485798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622699)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622699/; classtype:trojan-activity;sid:84485799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622700)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.155.95.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622700/; classtype:trojan-activity;sid:84485800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622682)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622682/; classtype:trojan-activity;sid:84485782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622683)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622683/; classtype:trojan-activity;sid:84485783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622684)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622684/; classtype:trojan-activity;sid:84485784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622685)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622685/; classtype:trojan-activity;sid:84485785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622686)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622686/; classtype:trojan-activity;sid:84485786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622687)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622687/; classtype:trojan-activity;sid:84485787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622688)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622688/; classtype:trojan-activity;sid:84485788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622689)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622689/; classtype:trojan-activity;sid:84485789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622690)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622690/; classtype:trojan-activity;sid:84485790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622691)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622691/; classtype:trojan-activity;sid:84485791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622692)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622692/; classtype:trojan-activity;sid:84485792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622693)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622693/; classtype:trojan-activity;sid:84485793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622694)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622694/; classtype:trojan-activity;sid:84485794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622695)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622695/; classtype:trojan-activity;sid:84485795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622696)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622696/; classtype:trojan-activity;sid:84485796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622697)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622697/; classtype:trojan-activity;sid:84485797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.204.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622681/; classtype:trojan-activity;sid:84485781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622680)"; flow:established,from_client; content:"GET"; http_method; content:"/files/629582567/a4bwsxk.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622680/; classtype:trojan-activity;sid:84485780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.114.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622679/; classtype:trojan-activity;sid:84485779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622678)"; flow:established,from_client; content:"GET"; http_method; content:"/4rj6xpghub.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622678/; classtype:trojan-activity;sid:84485778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622677)"; flow:established,from_client; content:"GET"; http_method; content:"/ktod0q8iya.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622677/; classtype:trojan-activity;sid:84485777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622676)"; flow:established,from_client; content:"GET"; http_method; content:"/oya.check|3f|t=kuk5l77c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mri.bi3ux.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622676/; classtype:trojan-activity;sid:84485776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622675/; classtype:trojan-activity;sid:84485775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622674/; classtype:trojan-activity;sid:84485774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.224.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622673/; classtype:trojan-activity;sid:84485773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622672/; classtype:trojan-activity;sid:84485772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622671/; classtype:trojan-activity;sid:84485771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.240.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622670/; classtype:trojan-activity;sid:84485770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.24.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622669/; classtype:trojan-activity;sid:84485769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622668/; classtype:trojan-activity;sid:84485768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622667/; classtype:trojan-activity;sid:84485767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622666/; classtype:trojan-activity;sid:84485766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.112.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622665/; classtype:trojan-activity;sid:84485765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622664)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.172.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622664/; classtype:trojan-activity;sid:84485764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622663)"; flow:established,from_client; content:"GET"; http_method; content:"/tc.google|3f|t=r0qec4jb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ha.bi3ux.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622663/; classtype:trojan-activity;sid:84485763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622662)"; flow:established,from_client; content:"GET"; http_method; content:"/yg8q325xf4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622662/; classtype:trojan-activity;sid:84485762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622661)"; flow:established,from_client; content:"GET"; http_method; content:"/4xj7canhaa.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622661/; classtype:trojan-activity;sid:84485761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622660/; classtype:trojan-activity;sid:84485760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.44.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622659/; classtype:trojan-activity;sid:84485759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622658/; classtype:trojan-activity;sid:84485758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622656/; classtype:trojan-activity;sid:84485756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622657)"; flow:established,from_client; content:"GET"; http_method; content:"/p3fbrsl0mr.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hb.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622657/; classtype:trojan-activity;sid:84485757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622655)"; flow:established,from_client; content:"GET"; http_method; content:"/tow8zuaulc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hb.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622655/; classtype:trojan-activity;sid:84485755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622654)"; flow:established,from_client; content:"GET"; http_method; content:"/oza.check|3f|t=m29pmldn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nl.qe3yn.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622654/; classtype:trojan-activity;sid:84485754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.238.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622653/; classtype:trojan-activity;sid:84485753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622652/; classtype:trojan-activity;sid:84485752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.112.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622651/; classtype:trojan-activity;sid:84485751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622650/; classtype:trojan-activity;sid:84485750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.110.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622649/; classtype:trojan-activity;sid:84485749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.96.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622648/; classtype:trojan-activity;sid:84485748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.253.18.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622647/; classtype:trojan-activity;sid:84485747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622646)"; flow:established,from_client; content:"GET"; http_method; content:"/image.jpg|3f|12711343"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"blockchainnportfolio.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622646/; classtype:trojan-activity;sid:84485746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622645)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbgkwxz/image.jpg|3f|12711343"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622645/; classtype:trojan-activity;sid:84485745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.240.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622644/; classtype:trojan-activity;sid:84485744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.113.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622642/; classtype:trojan-activity;sid:84485742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622640)"; flow:established,from_client; content:"GET"; http_method; content:"/dgfhhdfghdfggd/jfsdfgdf/raw/5f51b603e36edd4c32ff5999c330b62b3660ef04/image.jpg"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622640/; classtype:trojan-activity;sid:84485740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622641)"; flow:established,from_client; content:"GET"; http_method; content:"/dgfhhdfghdfggd/jfsdfgdf/raw/5f51b603e36edd4c32ff5999c330b62b3660ef04/image.jpg|3f|12711343"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622641/; classtype:trojan-activity;sid:84485741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622637)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7392774356/olfams7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622637/; classtype:trojan-activity;sid:84485737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622636)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bbrlxwtkbgvpnpfykexu.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622636/; classtype:trojan-activity;sid:84485736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622632)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbgkwxz/image.jpg|3f|12711343t"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622632/; classtype:trojan-activity;sid:84485732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622633)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbgkwxz/image.jpg/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622633/; classtype:trojan-activity;sid:84485733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622634)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbgkwxz/image.jpg|3f|12711343t/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622634/; classtype:trojan-activity;sid:84485734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622635)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfdfsf/jkr4/raw/6dde00008905832059ba3d86f9ab9327713a4d95/image.jpg|3f|12711343"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622635/; classtype:trojan-activity;sid:84485735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.113.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622631/; classtype:trojan-activity;sid:84485731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.110.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622630/; classtype:trojan-activity;sid:84485730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622629/; classtype:trojan-activity;sid:84485729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.250.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622628/; classtype:trojan-activity;sid:84485728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622627)"; flow:established,from_client; content:"GET"; http_method; content:"/111.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.23.199.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622627/; classtype:trojan-activity;sid:84485727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622626)"; flow:established,from_client; content:"GET"; http_method; content:"/km.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.23.199.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622626/; classtype:trojan-activity;sid:84485726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622618)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622618/; classtype:trojan-activity;sid:84485718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622619)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622619/; classtype:trojan-activity;sid:84485719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622620)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64el"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622620/; classtype:trojan-activity;sid:84485720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622621)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622621/; classtype:trojan-activity;sid:84485721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622622)"; flow:established,from_client; content:"GET"; http_method; content:"/386"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622622/; classtype:trojan-activity;sid:84485722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622616)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622616/; classtype:trojan-activity;sid:84485716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622617)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622617/; classtype:trojan-activity;sid:84485717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622615)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622615/; classtype:trojan-activity;sid:84485715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622614)"; flow:established,from_client; content:"GET"; http_method; content:"/vfluivasw4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hb.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622614/; classtype:trojan-activity;sid:84485714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622613)"; flow:established,from_client; content:"GET"; http_method; content:"/linux-arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622613/; classtype:trojan-activity;sid:84485713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622606)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622606/; classtype:trojan-activity;sid:84485706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622607/; classtype:trojan-activity;sid:84485707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622608/; classtype:trojan-activity;sid:84485708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.171.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622609/; classtype:trojan-activity;sid:84485709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622610)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622610/; classtype:trojan-activity;sid:84485710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622611/; classtype:trojan-activity;sid:84485711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.119.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622612/; classtype:trojan-activity;sid:84485712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622597)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622597/; classtype:trojan-activity;sid:84485697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622598/; classtype:trojan-activity;sid:84485698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622599/; classtype:trojan-activity;sid:84485699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622600/; classtype:trojan-activity;sid:84485700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622601/; classtype:trojan-activity;sid:84485701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622602/; classtype:trojan-activity;sid:84485702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622603/; classtype:trojan-activity;sid:84485703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622604/; classtype:trojan-activity;sid:84485704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622605/; classtype:trojan-activity;sid:84485705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622596)"; flow:established,from_client; content:"GET"; http_method; content:"/rv.google|3f|t=lkpx59j9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pru.qe3yn.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622596/; classtype:trojan-activity;sid:84485696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622595)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622595/; classtype:trojan-activity;sid:84485695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622594)"; flow:established,from_client; content:"GET"; http_method; content:"/cubklm7dy4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hb.wi9ik.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622594/; classtype:trojan-activity;sid:84485694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622592)"; flow:established,from_client; content:"GET"; http_method; content:"/alschv5tmi.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622592/; classtype:trojan-activity;sid:84485692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622593)"; flow:established,from_client; content:"GET"; http_method; content:"/qd8ufk4ehw.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622593/; classtype:trojan-activity;sid:84485693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622591)"; flow:established,from_client; content:"GET"; http_method; content:"/dna.check|3f|t=jrne2acr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ta.qe3yn.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622591/; classtype:trojan-activity;sid:84485691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.250.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622589/; classtype:trojan-activity;sid:84485689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622590/; classtype:trojan-activity;sid:84485690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.157.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622588/; classtype:trojan-activity;sid:84485688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.241.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622587/; classtype:trojan-activity;sid:84485687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.170.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622586/; classtype:trojan-activity;sid:84485686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622585)"; flow:established,from_client; content:"GET"; http_method; content:"/27zgdnwd78.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622585/; classtype:trojan-activity;sid:84485685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622584)"; flow:established,from_client; content:"GET"; http_method; content:"/4wmrahb8wp.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622584/; classtype:trojan-activity;sid:84485684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622583)"; flow:established,from_client; content:"GET"; http_method; content:"/yq.google|3f|t=knes1jvx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vex.qe3yn.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622583/; classtype:trojan-activity;sid:84485683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.170.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622582/; classtype:trojan-activity;sid:84485682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622581/; classtype:trojan-activity;sid:84485681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622580)"; flow:established,from_client; content:"GET"; http_method; content:"/lllsg0we1n.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622580/; classtype:trojan-activity;sid:84485680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622579)"; flow:established,from_client; content:"GET"; http_method; content:"/6dpoogx3ju.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622579/; classtype:trojan-activity;sid:84485679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622578)"; flow:established,from_client; content:"GET"; http_method; content:"/em.check|3f|t=jzfwdg4a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jo.qe3yn.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622578/; classtype:trojan-activity;sid:84485678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622577/; classtype:trojan-activity;sid:84485677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.162.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622576/; classtype:trojan-activity;sid:84485676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.199.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622575/; classtype:trojan-activity;sid:84485675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622574/; classtype:trojan-activity;sid:84485674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622573)"; flow:established,from_client; content:"GET"; http_method; content:"/qsuqdqfcay.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622573/; classtype:trojan-activity;sid:84485673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622572)"; flow:established,from_client; content:"GET"; http_method; content:"/pxnznuzs35.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pc.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622572/; classtype:trojan-activity;sid:84485672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622571)"; flow:established,from_client; content:"GET"; http_method; content:"/lmi.google|3f|t=2lo09sc8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cy.fo1od.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622571/; classtype:trojan-activity;sid:84485671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.232.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622570/; classtype:trojan-activity;sid:84485670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.141.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622569/; classtype:trojan-activity;sid:84485669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622568/; classtype:trojan-activity;sid:84485668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622565/; classtype:trojan-activity;sid:84485665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.6.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622566/; classtype:trojan-activity;sid:84485666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.199.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622567/; classtype:trojan-activity;sid:84485667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622564/; classtype:trojan-activity;sid:84485664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622563/; classtype:trojan-activity;sid:84485663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622562)"; flow:established,from_client; content:"GET"; http_method; content:"/stux2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.245.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622562/; classtype:trojan-activity;sid:84485662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622559)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/dllldr.x64.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.245.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622559/; classtype:trojan-activity;sid:84485659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622560)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x86.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.245.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622560/; classtype:trojan-activity;sid:84485660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622561)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x64.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.245.255.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622561/; classtype:trojan-activity;sid:84485661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.91.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622558/; classtype:trojan-activity;sid:84485658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.92.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622557/; classtype:trojan-activity;sid:84485657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622556/; classtype:trojan-activity;sid:84485656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622555)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622555/; classtype:trojan-activity;sid:84485655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.105.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622554/; classtype:trojan-activity;sid:84485654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.244.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622553/; classtype:trojan-activity;sid:84485653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622552)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622552/; classtype:trojan-activity;sid:84485652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.119.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622551/; classtype:trojan-activity;sid:84485651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622550)"; flow:established,from_client; content:"GET"; http_method; content:"/1212.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622550/; classtype:trojan-activity;sid:84485650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622540)"; flow:established,from_client; content:"GET"; http_method; content:"/326.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622540/; classtype:trojan-activity;sid:84485640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622542)"; flow:established,from_client; content:"GET"; http_method; content:"/46.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622542/; classtype:trojan-activity;sid:84485642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622543)"; flow:established,from_client; content:"GET"; http_method; content:"/326.bin.bak"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622543/; classtype:trojan-activity;sid:84485643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622544)"; flow:established,from_client; content:"GET"; http_method; content:"/1212.bin.bak"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622544/; classtype:trojan-activity;sid:84485644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622546)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin.bak"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622546/; classtype:trojan-activity;sid:84485646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; content:"GET"; http_method; content:"/er/45.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; content:"GET"; http_method; content:"/er/46.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622538)"; flow:established,from_client; content:"GET"; http_method; content:"/45.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622538/; classtype:trojan-activity;sid:84485638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.7.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622537/; classtype:trojan-activity;sid:84485637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.6.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622536/; classtype:trojan-activity;sid:84485636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.195.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622535/; classtype:trojan-activity;sid:84485635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.143.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622534/; classtype:trojan-activity;sid:84485634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.82.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622533/; classtype:trojan-activity;sid:84485633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622532/; classtype:trojan-activity;sid:84485632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.31.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622531/; classtype:trojan-activity;sid:84485631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.119.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622530/; classtype:trojan-activity;sid:84485630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.227.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622529/; classtype:trojan-activity;sid:84485629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.105.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622528/; classtype:trojan-activity;sid:84485628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622527/; classtype:trojan-activity;sid:84485627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622521)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622521/; classtype:trojan-activity;sid:84485621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622522)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622522/; classtype:trojan-activity;sid:84485622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622523)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622523/; classtype:trojan-activity;sid:84485623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622524)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622524/; classtype:trojan-activity;sid:84485624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622525)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622525/; classtype:trojan-activity;sid:84485625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622526)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622526/; classtype:trojan-activity;sid:84485626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622519)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622519/; classtype:trojan-activity;sid:84485619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622520)"; flow:established,from_client; content:"GET"; http_method; content:"/hyb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622520/; classtype:trojan-activity;sid:84485620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622518)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622518/; classtype:trojan-activity;sid:84485618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622516)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622516/; classtype:trojan-activity;sid:84485616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622517)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622517/; classtype:trojan-activity;sid:84485617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622515)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622515/; classtype:trojan-activity;sid:84485615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622511)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622511/; classtype:trojan-activity;sid:84485611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622512/; classtype:trojan-activity;sid:84485612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622513)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622513/; classtype:trojan-activity;sid:84485613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622514)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622514/; classtype:trojan-activity;sid:84485614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622510)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622510/; classtype:trojan-activity;sid:84485610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622508)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622508/; classtype:trojan-activity;sid:84485608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622509)"; flow:established,from_client; content:"GET"; http_method; content:"/rev.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622509/; classtype:trojan-activity;sid:84485609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622507)"; flow:established,from_client; content:"GET"; http_method; content:"/suf9b0isem.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mv.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622507/; classtype:trojan-activity;sid:84485607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622506)"; flow:established,from_client; content:"GET"; http_method; content:"/67mftjant1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mv.mo5un.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622506/; classtype:trojan-activity;sid:84485606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622505)"; flow:established,from_client; content:"GET"; http_method; content:"/wq.check|3f|t=ffhhhpjc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bti.fo1od.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622505/; classtype:trojan-activity;sid:84485605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.174.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622504/; classtype:trojan-activity;sid:84485604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622503)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622503/; classtype:trojan-activity;sid:84485603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.143.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622502/; classtype:trojan-activity;sid:84485602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.91.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622501/; classtype:trojan-activity;sid:84485601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.234.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622500/; classtype:trojan-activity;sid:84485600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622499/; classtype:trojan-activity;sid:84485599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622498)"; flow:established,from_client; content:"GET"; http_method; content:"/dewcbe2l8j.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tr.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622498/; classtype:trojan-activity;sid:84485598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622497)"; flow:established,from_client; content:"GET"; http_method; content:"/ir.google|3f|t=lwdw536g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rq.fo1od.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622497/; classtype:trojan-activity;sid:84485597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622496)"; flow:established,from_client; content:"GET"; http_method; content:"/cmlbs5anf3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tr.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622496/; classtype:trojan-activity;sid:84485596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622495/; classtype:trojan-activity;sid:84485595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.174.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622494/; classtype:trojan-activity;sid:84485594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.82.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622493/; classtype:trojan-activity;sid:84485593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.17.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622487/; classtype:trojan-activity;sid:84485587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622486)"; flow:established,from_client; content:"GET"; http_method; content:"/igfxcuiservicen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kali.free.idcfengye.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622486/; classtype:trojan-activity;sid:84485586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622484)"; flow:established,from_client; content:"GET"; http_method; content:"/qy6de4b2no.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tr.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622484/; classtype:trojan-activity;sid:84485584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622485)"; flow:established,from_client; content:"GET"; http_method; content:"/sna.check|3f|t=txus0s6j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xal.fo1od.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622485/; classtype:trojan-activity;sid:84485585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622482)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kali.free.idcfengye.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622482/; classtype:trojan-activity;sid:84485582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622483)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kali.free.idcfengye.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622483/; classtype:trojan-activity;sid:84485583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622481)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kali.free.idcfengye.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622481/; classtype:trojan-activity;sid:84485581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622480)"; flow:established,from_client; content:"GET"; http_method; content:"/artifact_x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kali.free.idcfengye.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622480/; classtype:trojan-activity;sid:84485580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622479)"; flow:established,from_client; content:"GET"; http_method; content:"/gz3ywtjlpb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tr.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622479/; classtype:trojan-activity;sid:84485579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622477/; classtype:trojan-activity;sid:84485577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622478)"; flow:established,from_client; content:"GET"; http_method; content:"/2n0gnzlc84.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lx.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622478/; classtype:trojan-activity;sid:84485578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622476)"; flow:established,from_client; content:"GET"; http_method; content:"/dy7cppwtbb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lx.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622476/; classtype:trojan-activity;sid:84485576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622475)"; flow:established,from_client; content:"GET"; http_method; content:"/qd.google|3f|t=19hcsfk8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"me.fo1od.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622475/; classtype:trojan-activity;sid:84485575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.96.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622474/; classtype:trojan-activity;sid:84485574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.86.71.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622473/; classtype:trojan-activity;sid:84485573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622464/; classtype:trojan-activity;sid:84485564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622465)"; flow:established,from_client; content:"GET"; http_method; content:"/m/moobs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622465/; classtype:trojan-activity;sid:84485565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622466)"; flow:established,from_client; content:"GET"; http_method; content:"/m/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622466/; classtype:trojan-activity;sid:84485566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622467/; classtype:trojan-activity;sid:84485567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622468)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622468/; classtype:trojan-activity;sid:84485568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622469)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622469/; classtype:trojan-activity;sid:84485569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622470)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622470/; classtype:trojan-activity;sid:84485570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622471/; classtype:trojan-activity;sid:84485571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622472/; classtype:trojan-activity;sid:84485572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.96.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622463/; classtype:trojan-activity;sid:84485563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622462/; classtype:trojan-activity;sid:84485562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622461)"; flow:established,from_client; content:"GET"; http_method; content:"/4qzbfo0nr9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lx.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622461/; classtype:trojan-activity;sid:84485561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622460)"; flow:established,from_client; content:"GET"; http_method; content:"/f0esvmakxn.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lx.ji1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622460/; classtype:trojan-activity;sid:84485560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622459)"; flow:established,from_client; content:"GET"; http_method; content:"/oga.check|3f|t=zvgjjf7s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"by.xe3ax.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622459/; classtype:trojan-activity;sid:84485559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622458)"; flow:established,from_client; content:"GET"; http_method; content:"/img/verybestpersonifoundeverydayonmylifebettergoodways.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"209.54.102.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622458/; classtype:trojan-activity;sid:84485558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.202.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622457/; classtype:trojan-activity;sid:84485557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622456)"; flow:established,from_client; content:"GET"; http_method; content:"/trillings.sea"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"it-ing.hr"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622456/; classtype:trojan-activity;sid:84485556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622455)"; flow:established,from_client; content:"GET"; http_method; content:"/fagforeningskomiteerne.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"serralux.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622455/; classtype:trojan-activity;sid:84485555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622454/; classtype:trojan-activity;sid:84485554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622453)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xaz1n-jyyhe5oiur1us9zmwzkrbmnsov"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622453/; classtype:trojan-activity;sid:84485553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.140.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622452/; classtype:trojan-activity;sid:84485552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.214.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622451/; classtype:trojan-activity;sid:84485551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.245.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622449/; classtype:trojan-activity;sid:84485549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622450/; classtype:trojan-activity;sid:84485550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622447/; classtype:trojan-activity;sid:84485547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622448/; classtype:trojan-activity;sid:84485548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622445/; classtype:trojan-activity;sid:84485545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622446/; classtype:trojan-activity;sid:84485546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622443)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bb4pswulst8gbeaz4xo_bi0ns8u8y14i"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622443/; classtype:trojan-activity;sid:84485543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1izxk5ytst77zqbrn0rt7usd-qfxq3mdi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622444/; classtype:trojan-activity;sid:84485544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.17.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622442/; classtype:trojan-activity;sid:84485542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622441/; classtype:trojan-activity;sid:84485541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622439/; classtype:trojan-activity;sid:84485539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622440/; classtype:trojan-activity;sid:84485540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622438)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/report_financial_q4_2025_19278x127654321.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"wrote-kernel-extend-designation.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622438/; classtype:trojan-activity;sid:84485538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622437/; classtype:trojan-activity;sid:84485537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622434)"; flow:established,from_client; content:"GET"; http_method; content:"/start.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wrote-kernel-extend-designation.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622434/; classtype:trojan-activity;sid:84485534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622435)"; flow:established,from_client; content:"GET"; http_method; content:"/pop/tor.wsf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wrote-kernel-extend-designation.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622435/; classtype:trojan-activity;sid:84485535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622436)"; flow:established,from_client; content:"GET"; http_method; content:"/flip.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wrote-kernel-extend-designation.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622436/; classtype:trojan-activity;sid:84485536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622433)"; flow:established,from_client; content:"GET"; http_method; content:"/adw.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"wrote-kernel-extend-designation.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622433/; classtype:trojan-activity;sid:84485533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622431/; classtype:trojan-activity;sid:84485531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.209.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622432/; classtype:trojan-activity;sid:84485532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622430)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909231221.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622430/; classtype:trojan-activity;sid:84485530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.144.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622429/; classtype:trojan-activity;sid:84485529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622428)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910082944.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"107.172.132.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622428/; classtype:trojan-activity;sid:84485528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622427)"; flow:established,from_client; content:"GET"; http_method; content:"/fvf9p0lh0f.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622427/; classtype:trojan-activity;sid:84485527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622425)"; flow:established,from_client; content:"GET"; http_method; content:"/terms.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622425/; classtype:trojan-activity;sid:84485525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622426)"; flow:established,from_client; content:"GET"; http_method; content:"/tx.google|3f|t=ftfdq2pa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pne.xe3ax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622426/; classtype:trojan-activity;sid:84485526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622424)"; flow:established,from_client; content:"GET"; http_method; content:"/8fclquuhh0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622424/; classtype:trojan-activity;sid:84485524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622423)"; flow:established,from_client; content:"GET"; http_method; content:"/megago.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622423/; classtype:trojan-activity;sid:84485523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622422)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi%20(1).txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"hostphpwindowsapp.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622422/; classtype:trojan-activity;sid:84485522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622421)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumenots.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hostphpwindowsapp.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622421/; classtype:trojan-activity;sid:84485521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.209.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622420/; classtype:trojan-activity;sid:84485520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.247.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622419/; classtype:trojan-activity;sid:84485519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.202.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622418/; classtype:trojan-activity;sid:84485518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622417/; classtype:trojan-activity;sid:84485517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622416/; classtype:trojan-activity;sid:84485516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622415/; classtype:trojan-activity;sid:84485515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.199.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622414/; classtype:trojan-activity;sid:84485514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.82.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622413/; classtype:trojan-activity;sid:84485513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.9.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622412/; classtype:trojan-activity;sid:84485512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.182.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622411/; classtype:trojan-activity;sid:84485511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.39.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622410/; classtype:trojan-activity;sid:84485510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.199.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622409/; classtype:trojan-activity;sid:84485509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622408/; classtype:trojan-activity;sid:84485508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.42.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622407/; classtype:trojan-activity;sid:84485507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.250.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622406/; classtype:trojan-activity;sid:84485506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622405)"; flow:established,from_client; content:"GET"; http_method; content:"/ihu4ciep58.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622405/; classtype:trojan-activity;sid:84485505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622404)"; flow:established,from_client; content:"GET"; http_method; content:"/vim.check|3f|t=3dwdg5eg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"va.xe3ax.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622404/; classtype:trojan-activity;sid:84485504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622403)"; flow:established,from_client; content:"GET"; http_method; content:"/x2cngs88bc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622403/; classtype:trojan-activity;sid:84485503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622402)"; flow:established,from_client; content:"GET"; http_method; content:"/swget.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622402/; classtype:trojan-activity;sid:84485502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.112.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622401/; classtype:trojan-activity;sid:84485501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.82.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622400/; classtype:trojan-activity;sid:84485500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.203.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622399/; classtype:trojan-activity;sid:84485499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.250.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622398/; classtype:trojan-activity;sid:84485498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622397/; classtype:trojan-activity;sid:84485497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.49.26.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622396/; classtype:trojan-activity;sid:84485496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.87.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622395/; classtype:trojan-activity;sid:84485495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.156.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622394/; classtype:trojan-activity;sid:84485494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622393/; classtype:trojan-activity;sid:84485493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622392)"; flow:established,from_client; content:"GET"; http_method; content:"/cvnmztbf1d.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622392/; classtype:trojan-activity;sid:84485492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622391)"; flow:established,from_client; content:"GET"; http_method; content:"/jfjze20ko3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622391/; classtype:trojan-activity;sid:84485491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622390)"; flow:established,from_client; content:"GET"; http_method; content:"/lq.google|3f|t=57bpvr2x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kri.xe3ax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622390/; classtype:trojan-activity;sid:84485490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.203.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622389/; classtype:trojan-activity;sid:84485489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622388/; classtype:trojan-activity;sid:84485488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.41.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622387/; classtype:trojan-activity;sid:84485487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622386/; classtype:trojan-activity;sid:84485486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.1.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622385/; classtype:trojan-activity;sid:84485485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622384/; classtype:trojan-activity;sid:84485484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.231.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622383/; classtype:trojan-activity;sid:84485483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622379)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622379/; classtype:trojan-activity;sid:84485479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622380)"; flow:established,from_client; content:"GET"; http_method; content:"/tt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622380/; classtype:trojan-activity;sid:84485480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622381)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622381/; classtype:trojan-activity;sid:84485481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622382)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622382/; classtype:trojan-activity;sid:84485482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622378)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622378/; classtype:trojan-activity;sid:84485478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622377)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622377/; classtype:trojan-activity;sid:84485477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622374)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622374/; classtype:trojan-activity;sid:84485474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622375)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622375/; classtype:trojan-activity;sid:84485475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622376)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622376/; classtype:trojan-activity;sid:84485476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622370)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622370/; classtype:trojan-activity;sid:84485470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622371)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622371/; classtype:trojan-activity;sid:84485471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622372)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622372/; classtype:trojan-activity;sid:84485472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622373)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622373/; classtype:trojan-activity;sid:84485473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622369)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622369/; classtype:trojan-activity;sid:84485469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.156.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622368/; classtype:trojan-activity;sid:84485468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.87.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622367/; classtype:trojan-activity;sid:84485467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622366)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250911012138.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622366/; classtype:trojan-activity;sid:84485466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.231.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622365/; classtype:trojan-activity;sid:84485465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622364/; classtype:trojan-activity;sid:84485464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622363/; classtype:trojan-activity;sid:84485463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622361)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622361/; classtype:trojan-activity;sid:84485461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622362)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622362/; classtype:trojan-activity;sid:84485462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622359)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622359/; classtype:trojan-activity;sid:84485459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622360)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622360/; classtype:trojan-activity;sid:84485460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622358)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622358/; classtype:trojan-activity;sid:84485458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622357)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622357/; classtype:trojan-activity;sid:84485457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622351)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622351/; classtype:trojan-activity;sid:84485451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622352)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622352/; classtype:trojan-activity;sid:84485452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622353)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622353/; classtype:trojan-activity;sid:84485453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622354)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622354/; classtype:trojan-activity;sid:84485454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622355)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622355/; classtype:trojan-activity;sid:84485455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.84.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622356/; classtype:trojan-activity;sid:84485456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622347)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622347/; classtype:trojan-activity;sid:84485447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622348)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622348/; classtype:trojan-activity;sid:84485448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622349)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622349/; classtype:trojan-activity;sid:84485449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622350)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622350/; classtype:trojan-activity;sid:84485450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.84.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622341/; classtype:trojan-activity;sid:84485441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622342)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622342/; classtype:trojan-activity;sid:84485442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622343)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622343/; classtype:trojan-activity;sid:84485443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622344)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622344/; classtype:trojan-activity;sid:84485444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622345)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622345/; classtype:trojan-activity;sid:84485445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622346)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lm.mutao.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622346/; classtype:trojan-activity;sid:84485446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622333)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622333/; classtype:trojan-activity;sid:84485433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622334)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622334/; classtype:trojan-activity;sid:84485434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622335)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622335/; classtype:trojan-activity;sid:84485435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622336)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622336/; classtype:trojan-activity;sid:84485436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622337)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622337/; classtype:trojan-activity;sid:84485437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622338)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622338/; classtype:trojan-activity;sid:84485438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622339)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622339/; classtype:trojan-activity;sid:84485439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622340)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622340/; classtype:trojan-activity;sid:84485440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622330)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622330/; classtype:trojan-activity;sid:84485430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622331/; classtype:trojan-activity;sid:84485431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622332/; classtype:trojan-activity;sid:84485432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622329)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622329/; classtype:trojan-activity;sid:84485429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622328)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622328/; classtype:trojan-activity;sid:84485428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622326)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622326/; classtype:trojan-activity;sid:84485426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622327)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622327/; classtype:trojan-activity;sid:84485427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622323)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622323/; classtype:trojan-activity;sid:84485423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622324)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622324/; classtype:trojan-activity;sid:84485424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622325)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622325/; classtype:trojan-activity;sid:84485425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622317)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622317/; classtype:trojan-activity;sid:84485417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622318)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622318/; classtype:trojan-activity;sid:84485418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622319)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622319/; classtype:trojan-activity;sid:84485419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622320)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622320/; classtype:trojan-activity;sid:84485420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622321)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622321/; classtype:trojan-activity;sid:84485421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622322)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103-181-182-245.nevacloud.io"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622322/; classtype:trojan-activity;sid:84485422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622310)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622310/; classtype:trojan-activity;sid:84485410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622311)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622311/; classtype:trojan-activity;sid:84485411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622312)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622312/; classtype:trojan-activity;sid:84485412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622313)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622313/; classtype:trojan-activity;sid:84485413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622314)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622314/; classtype:trojan-activity;sid:84485414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622315)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622315/; classtype:trojan-activity;sid:84485415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622316)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"a1.l4nggeng.my.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622316/; classtype:trojan-activity;sid:84485416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622306)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622306/; classtype:trojan-activity;sid:84485406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622307)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622307/; classtype:trojan-activity;sid:84485407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622308)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622308/; classtype:trojan-activity;sid:84485408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622309)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622309/; classtype:trojan-activity;sid:84485409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.189.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622305/; classtype:trojan-activity;sid:84485405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622303)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622303/; classtype:trojan-activity;sid:84485403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622304)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622304/; classtype:trojan-activity;sid:84485404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622300/; classtype:trojan-activity;sid:84485400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622301)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622301/; classtype:trojan-activity;sid:84485401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622302)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622302/; classtype:trojan-activity;sid:84485402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622290)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622290/; classtype:trojan-activity;sid:84485390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622291)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622291/; classtype:trojan-activity;sid:84485391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622292)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622292/; classtype:trojan-activity;sid:84485392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622293)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622293/; classtype:trojan-activity;sid:84485393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622294)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622294/; classtype:trojan-activity;sid:84485394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622295)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622295/; classtype:trojan-activity;sid:84485395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622296)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622296/; classtype:trojan-activity;sid:84485396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622297)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622297/; classtype:trojan-activity;sid:84485397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622298)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622298/; classtype:trojan-activity;sid:84485398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622299)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622299/; classtype:trojan-activity;sid:84485399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622289)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mylove88.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622289/; classtype:trojan-activity;sid:84485389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.186.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622288/; classtype:trojan-activity;sid:84485388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622287)"; flow:established,from_client; content:"GET"; http_method; content:"/i5gwsl7ep4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622287/; classtype:trojan-activity;sid:84485387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622286)"; flow:established,from_client; content:"GET"; http_method; content:"/9jhqsqt00g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622286/; classtype:trojan-activity;sid:84485386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622285)"; flow:established,from_client; content:"GET"; http_method; content:"/zo.check|3f|t=46lc6a49"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"du.xe3ax.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622285/; classtype:trojan-activity;sid:84485385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.48.133.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622284/; classtype:trojan-activity;sid:84485384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.34.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622283/; classtype:trojan-activity;sid:84485383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622282)"; flow:established,from_client; content:"GET"; http_method; content:"/iddr/lool.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622282/; classtype:trojan-activity;sid:84485382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622280/; classtype:trojan-activity;sid:84485380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622281/; classtype:trojan-activity;sid:84485381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.141.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622279/; classtype:trojan-activity;sid:84485379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622278)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622278/; classtype:trojan-activity;sid:84485378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622277)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm5n"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622277/; classtype:trojan-activity;sid:84485377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622276)"; flow:established,from_client; content:"GET"; http_method; content:"/update/3.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622276/; classtype:trojan-activity;sid:84485376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622275)"; flow:established,from_client; content:"GET"; http_method; content:"/update/6.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622275/; classtype:trojan-activity;sid:84485375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622274)"; flow:established,from_client; content:"GET"; http_method; content:"/update/2.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622274/; classtype:trojan-activity;sid:84485374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622273)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ght/stil.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622273/; classtype:trojan-activity;sid:84485373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622271)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622271/; classtype:trojan-activity;sid:84485371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622272)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622272/; classtype:trojan-activity;sid:84485372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622269)"; flow:established,from_client; content:"GET"; http_method; content:"/update/5.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622269/; classtype:trojan-activity;sid:84485369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622270)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622270/; classtype:trojan-activity;sid:84485370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622267)"; flow:established,from_client; content:"GET"; http_method; content:"/files/plug/berkeleylots.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622267/; classtype:trojan-activity;sid:84485367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622268)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622268/; classtype:trojan-activity;sid:84485368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622264)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6379372164/cjksjdt.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622264/; classtype:trojan-activity;sid:84485364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622265)"; flow:established,from_client; content:"GET"; http_method; content:"/update/1.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622265/; classtype:trojan-activity;sid:84485365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622266)"; flow:established,from_client; content:"GET"; http_method; content:"/update/4.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"anythingcanbethissub.chat1.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622266/; classtype:trojan-activity;sid:84485366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622263)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.10.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622263/; classtype:trojan-activity;sid:84485363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622262)"; flow:established,from_client; content:"GET"; http_method; content:"/m/i.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622262/; classtype:trojan-activity;sid:84485362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622254)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5925113975/mithcd3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622254/; classtype:trojan-activity;sid:84485354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622255)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7593142111/0t4wqp9.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622255/; classtype:trojan-activity;sid:84485355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622256)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7593142111/lydahx5.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622256/; classtype:trojan-activity;sid:84485356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622257)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5998301158/vacl4vp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622257/; classtype:trojan-activity;sid:84485357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622258)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7593142111/0t4wqp9.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622258/; classtype:trojan-activity;sid:84485358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5998301158/cqpye8r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622259/; classtype:trojan-activity;sid:84485359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622260)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7593142111/lydahx5.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622260/; classtype:trojan-activity;sid:84485360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622261)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7593142111/lydahx5.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622261/; classtype:trojan-activity;sid:84485361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622253)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6379372164/cjksjdt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622253/; classtype:trojan-activity;sid:84485353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.48.133.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622252/; classtype:trojan-activity;sid:84485352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.53.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622251/; classtype:trojan-activity;sid:84485351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.50.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622250/; classtype:trojan-activity;sid:84485350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.108.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622249/; classtype:trojan-activity;sid:84485349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.141.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622248/; classtype:trojan-activity;sid:84485348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.9.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622247/; classtype:trojan-activity;sid:84485347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622246/; classtype:trojan-activity;sid:84485346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.108.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622245/; classtype:trojan-activity;sid:84485345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622244/; classtype:trojan-activity;sid:84485344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.71.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622243/; classtype:trojan-activity;sid:84485343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622240/; classtype:trojan-activity;sid:84485340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.152.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622241/; classtype:trojan-activity;sid:84485341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622242/; classtype:trojan-activity;sid:84485342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.124.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622239/; classtype:trojan-activity;sid:84485339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.50.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622238/; classtype:trojan-activity;sid:84485338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.120.174.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622237/; classtype:trojan-activity;sid:84485337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622236/; classtype:trojan-activity;sid:84485336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622235)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7435642179/ohhihal.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622235/; classtype:trojan-activity;sid:84485335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622234)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622234/; classtype:trojan-activity;sid:84485334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.124.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622233/; classtype:trojan-activity;sid:84485333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.244.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622232/; classtype:trojan-activity;sid:84485332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.179.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622231/; classtype:trojan-activity;sid:84485331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622230)"; flow:established,from_client; content:"GET"; http_method; content:"/w9od0f60mx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622230/; classtype:trojan-activity;sid:84485330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622229)"; flow:established,from_client; content:"GET"; http_method; content:"/hi35g5c5p7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622229/; classtype:trojan-activity;sid:84485329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622228)"; flow:established,from_client; content:"GET"; http_method; content:"/pe.google|3f|t=fbb6t95d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tne.we4ex.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622228/; classtype:trojan-activity;sid:84485328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.120.174.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622227/; classtype:trojan-activity;sid:84485327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.204.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622226/; classtype:trojan-activity;sid:84485326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.107.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622225/; classtype:trojan-activity;sid:84485325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.182.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622223/; classtype:trojan-activity;sid:84485323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.7.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622224/; classtype:trojan-activity;sid:84485324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622220/; classtype:trojan-activity;sid:84485320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622221/; classtype:trojan-activity;sid:84485321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622222/; classtype:trojan-activity;sid:84485322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.249.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622219/; classtype:trojan-activity;sid:84485319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.240.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622218/; classtype:trojan-activity;sid:84485318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622217)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tehrancraftst.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622217/; classtype:trojan-activity;sid:84485317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622216/; classtype:trojan-activity;sid:84485316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.64.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622215/; classtype:trojan-activity;sid:84485315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622214/; classtype:trojan-activity;sid:84485314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.227.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622213/; classtype:trojan-activity;sid:84485313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.154.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622212/; classtype:trojan-activity;sid:84485312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.200.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622211/; classtype:trojan-activity;sid:84485311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622210/; classtype:trojan-activity;sid:84485310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622209/; classtype:trojan-activity;sid:84485309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622208/; classtype:trojan-activity;sid:84485308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622207)"; flow:established,from_client; content:"GET"; http_method; content:"/5yxwbyiqva.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622207/; classtype:trojan-activity;sid:84485307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622206)"; flow:established,from_client; content:"GET"; http_method; content:"/u7wl4hrcgq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622206/; classtype:trojan-activity;sid:84485306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622205)"; flow:established,from_client; content:"GET"; http_method; content:"/lt.check|3f|t=97rrs4go"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mox.we4ex.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622205/; classtype:trojan-activity;sid:84485305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.227.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622204/; classtype:trojan-activity;sid:84485304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622203/; classtype:trojan-activity;sid:84485303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.59.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622202/; classtype:trojan-activity;sid:84485302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.214.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622201/; classtype:trojan-activity;sid:84485301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.171.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622200/; classtype:trojan-activity;sid:84485300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622199)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622199/; classtype:trojan-activity;sid:84485299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622198)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622198/; classtype:trojan-activity;sid:84485298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622197)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622197/; classtype:trojan-activity;sid:84485297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622190)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622190/; classtype:trojan-activity;sid:84485290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622191)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622191/; classtype:trojan-activity;sid:84485291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622192)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622192/; classtype:trojan-activity;sid:84485292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622193/; classtype:trojan-activity;sid:84485293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622194)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622194/; classtype:trojan-activity;sid:84485294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622195)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622195/; classtype:trojan-activity;sid:84485295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622196)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622196/; classtype:trojan-activity;sid:84485296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622189/; classtype:trojan-activity;sid:84485289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622188/; classtype:trojan-activity;sid:84485288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622187)"; flow:established,from_client; content:"GET"; http_method; content:"/padiym12ch.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622187/; classtype:trojan-activity;sid:84485287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622186)"; flow:established,from_client; content:"GET"; http_method; content:"/fc2vbt42a8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622186/; classtype:trojan-activity;sid:84485286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622185)"; flow:established,from_client; content:"GET"; http_method; content:"/rqa.google|3f|t=vuitq5q7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lv.we4ex.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622185/; classtype:trojan-activity;sid:84485285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.214.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622184/; classtype:trojan-activity;sid:84485284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622183/; classtype:trojan-activity;sid:84485283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622182)"; flow:established,from_client; content:"GET"; http_method; content:"/pjf8qwjd47.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622182/; classtype:trojan-activity;sid:84485282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622181)"; flow:established,from_client; content:"GET"; http_method; content:"/om.check|3f|t=d24rd0mh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qra.we4ex.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622181/; classtype:trojan-activity;sid:84485281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622180)"; flow:established,from_client; content:"GET"; http_method; content:"/drjjkwv23i.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622180/; classtype:trojan-activity;sid:84485280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.69.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622179/; classtype:trojan-activity;sid:84485279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622177)"; flow:established,from_client; content:"GET"; http_method; content:"/8d65qxoud6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622177/; classtype:trojan-activity;sid:84485277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622178)"; flow:established,from_client; content:"GET"; http_method; content:"/2q3hgef8ev.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qd.fa6eq.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622178/; classtype:trojan-activity;sid:84485278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622176)"; flow:established,from_client; content:"GET"; http_method; content:"/vk.google|3f|t=nwgs09xz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zi.we4ex.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622176/; classtype:trojan-activity;sid:84485276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.100.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622175/; classtype:trojan-activity;sid:84485275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622174/; classtype:trojan-activity;sid:84485274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622172/; classtype:trojan-activity;sid:84485272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.9.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622173/; classtype:trojan-activity;sid:84485273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622171/; classtype:trojan-activity;sid:84485271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622170)"; flow:established,from_client; content:"GET"; http_method; content:"/bee.google|3f|t=4x3x38o5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"keen.vudeh0ae3.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622170/; classtype:trojan-activity;sid:84485270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622169)"; flow:established,from_client; content:"GET"; http_method; content:"/o4cmc2gsvj.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622169/; classtype:trojan-activity;sid:84485269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622168)"; flow:established,from_client; content:"GET"; http_method; content:"/vb4ozlhmtu.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622168/; classtype:trojan-activity;sid:84485268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.69.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622167/; classtype:trojan-activity;sid:84485267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622166)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc7x8ocn8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622166/; classtype:trojan-activity;sid:84485266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622165)"; flow:established,from_client; content:"GET"; http_method; content:"/m4yazq7oin.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622165/; classtype:trojan-activity;sid:84485265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622164)"; flow:established,from_client; content:"GET"; http_method; content:"/way.google|3f|t=sozbshn5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"calm.vudeh0ae3.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622164/; classtype:trojan-activity;sid:84485264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.222.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622163/; classtype:trojan-activity;sid:84485263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622162/; classtype:trojan-activity;sid:84485262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.143.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622161/; classtype:trojan-activity;sid:84485261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.194.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622160/; classtype:trojan-activity;sid:84485260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.196.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622159/; classtype:trojan-activity;sid:84485259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.11.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622158/; classtype:trojan-activity;sid:84485258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.69.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622157/; classtype:trojan-activity;sid:84485257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622156/; classtype:trojan-activity;sid:84485256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.188.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622155/; classtype:trojan-activity;sid:84485255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.203.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622154/; classtype:trojan-activity;sid:84485254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.10.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622153/; classtype:trojan-activity;sid:84485253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622152/; classtype:trojan-activity;sid:84485252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622151)"; flow:established,from_client; content:"GET"; http_method; content:"/vnlebxfc33.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622151/; classtype:trojan-activity;sid:84485251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622150)"; flow:established,from_client; content:"GET"; http_method; content:"/fig.check|3f|t=3lv0717a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wise.jibiw8aa5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622150/; classtype:trojan-activity;sid:84485250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622149/; classtype:trojan-activity;sid:84485249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.26.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622148/; classtype:trojan-activity;sid:84485248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622147)"; flow:established,from_client; content:"GET"; http_method; content:"/qrem9ef4bu.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mro.cubaqay.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622147/; classtype:trojan-activity;sid:84485247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622145)"; flow:established,from_client; content:"GET"; http_method; content:"/box.google|3f|t=5p8malwp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tall.jibiw8aa5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622145/; classtype:trojan-activity;sid:84485245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622146)"; flow:established,from_client; content:"GET"; http_method; content:"/tvbuvcso3j.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622146/; classtype:trojan-activity;sid:84485246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622144)"; flow:established,from_client; content:"GET"; http_method; content:"/vg25rkzsve.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622144/; classtype:trojan-activity;sid:84485244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622143/; classtype:trojan-activity;sid:84485243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.0.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622142/; classtype:trojan-activity;sid:84485242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.89.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622141/; classtype:trojan-activity;sid:84485241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.197.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622140/; classtype:trojan-activity;sid:84485240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.26.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622139/; classtype:trojan-activity;sid:84485239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.114.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622138/; classtype:trojan-activity;sid:84485238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622137/; classtype:trojan-activity;sid:84485237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.197.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622136/; classtype:trojan-activity;sid:84485236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.0.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622135/; classtype:trojan-activity;sid:84485235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622134)"; flow:established,from_client; content:"GET"; http_method; content:"/cv9uddyypw.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622134/; classtype:trojan-activity;sid:84485234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622133)"; flow:established,from_client; content:"GET"; http_method; content:"/qcwjdmg45g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622133/; classtype:trojan-activity;sid:84485233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622132)"; flow:established,from_client; content:"GET"; http_method; content:"/fit.check|3f|t=y6vby0nj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lean.jibiw8aa5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622132/; classtype:trojan-activity;sid:84485232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.114.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622131/; classtype:trojan-activity;sid:84485231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.204.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622130/; classtype:trojan-activity;sid:84485230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.33.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622129/; classtype:trojan-activity;sid:84485229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.172.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622128/; classtype:trojan-activity;sid:84485228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622127)"; flow:established,from_client; content:"GET"; http_method; content:"/m90hiaea17.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622127/; classtype:trojan-activity;sid:84485227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622126)"; flow:established,from_client; content:"GET"; http_method; content:"/day.google|3f|t=jncutjsk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cute.jibiw8aa5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622126/; classtype:trojan-activity;sid:84485226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622125)"; flow:established,from_client; content:"GET"; http_method; content:"/d10cbb5rc8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622125/; classtype:trojan-activity;sid:84485225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.62.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622124/; classtype:trojan-activity;sid:84485224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.53.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622123/; classtype:trojan-activity;sid:84485223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622122)"; flow:established,from_client; content:"GET"; http_method; content:"/1o0ce95xuh.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622122/; classtype:trojan-activity;sid:84485222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622121)"; flow:established,from_client; content:"GET"; http_method; content:"/h38dzo572f.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622121/; classtype:trojan-activity;sid:84485221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622120)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.check|3f|t=qnjgtix0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rich.jibiw8aa5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622120/; classtype:trojan-activity;sid:84485220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622119/; classtype:trojan-activity;sid:84485219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622118)"; flow:established,from_client; content:"GET"; http_method; content:"/1wsqtyk04v.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622118/; classtype:trojan-activity;sid:84485218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622116)"; flow:established,from_client; content:"GET"; http_method; content:"/egg.google|3f|t=11dnq54y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dear.kuryc7yy1.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622116/; classtype:trojan-activity;sid:84485216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622117)"; flow:established,from_client; content:"GET"; http_method; content:"/hvxugj2jxg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.cubaqay.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622117/; classtype:trojan-activity;sid:84485217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622115/; classtype:trojan-activity;sid:84485215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.101.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622114/; classtype:trojan-activity;sid:84485214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.132.131.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622113/; classtype:trojan-activity;sid:84485213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.101.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622112/; classtype:trojan-activity;sid:84485212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622111/; classtype:trojan-activity;sid:84485211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622110/; classtype:trojan-activity;sid:84485210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.131.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622109/; classtype:trojan-activity;sid:84485209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622108/; classtype:trojan-activity;sid:84485208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.212.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622105/; classtype:trojan-activity;sid:84485205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.64.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622106/; classtype:trojan-activity;sid:84485206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.73.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622107/; classtype:trojan-activity;sid:84485207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.18.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622104/; classtype:trojan-activity;sid:84485204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622103)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"foundationforever.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622103/; classtype:trojan-activity;sid:84485203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622102/; classtype:trojan-activity;sid:84485202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622101/; classtype:trojan-activity;sid:84485201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622100/; classtype:trojan-activity;sid:84485200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622098/; classtype:trojan-activity;sid:84485198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622099/; classtype:trojan-activity;sid:84485199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.204.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622097/; classtype:trojan-activity;sid:84485197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.90.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622096/; classtype:trojan-activity;sid:84485196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.85.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622095/; classtype:trojan-activity;sid:84485195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.53.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622094/; classtype:trojan-activity;sid:84485194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.191.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622092/; classtype:trojan-activity;sid:84485192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622093)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.182.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622093/; classtype:trojan-activity;sid:84485193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622091/; classtype:trojan-activity;sid:84485191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.255.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622090/; classtype:trojan-activity;sid:84485190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622089)"; flow:established,from_client; content:"GET"; http_method; content:"/bus.check|3f|t=42153pa2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"neat.kuryc7yy1.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622089/; classtype:trojan-activity;sid:84485189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622088)"; flow:established,from_client; content:"GET"; http_method; content:"/a1humua6b3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622088/; classtype:trojan-activity;sid:84485188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622087)"; flow:established,from_client; content:"GET"; http_method; content:"/5uyb9lp5uk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622087/; classtype:trojan-activity;sid:84485187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.77.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622086/; classtype:trojan-activity;sid:84485186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.184.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622085/; classtype:trojan-activity;sid:84485185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.139.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622084/; classtype:trojan-activity;sid:84485184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622083/; classtype:trojan-activity;sid:84485183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622082/; classtype:trojan-activity;sid:84485182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622081/; classtype:trojan-activity;sid:84485181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622080/; classtype:trojan-activity;sid:84485180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.77.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622079/; classtype:trojan-activity;sid:84485179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.163.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622078/; classtype:trojan-activity;sid:84485178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622077/; classtype:trojan-activity;sid:84485177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622076/; classtype:trojan-activity;sid:84485176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622075/; classtype:trojan-activity;sid:84485175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.184.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622074/; classtype:trojan-activity;sid:84485174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.173.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622073/; classtype:trojan-activity;sid:84485173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.45.56.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622072/; classtype:trojan-activity;sid:84485172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.250.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622071/; classtype:trojan-activity;sid:84485171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622070)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622070/; classtype:trojan-activity;sid:84485170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622061)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622061/; classtype:trojan-activity;sid:84485161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622062)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622062/; classtype:trojan-activity;sid:84485162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622063)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622063/; classtype:trojan-activity;sid:84485163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622064)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622064/; classtype:trojan-activity;sid:84485164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622065)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622065/; classtype:trojan-activity;sid:84485165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622066)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622066/; classtype:trojan-activity;sid:84485166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622067)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622067/; classtype:trojan-activity;sid:84485167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622068)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622068/; classtype:trojan-activity;sid:84485168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622069)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622069/; classtype:trojan-activity;sid:84485169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622060)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622060/; classtype:trojan-activity;sid:84485160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622058)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622058/; classtype:trojan-activity;sid:84485158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622059)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622059/; classtype:trojan-activity;sid:84485159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622056)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622056/; classtype:trojan-activity;sid:84485156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622057)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622057/; classtype:trojan-activity;sid:84485157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.52.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622055/; classtype:trojan-activity;sid:84485155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622054/; classtype:trojan-activity;sid:84485154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.131.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622053/; classtype:trojan-activity;sid:84485153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.223.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622052/; classtype:trojan-activity;sid:84485152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622051/; classtype:trojan-activity;sid:84485151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.6.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622050/; classtype:trojan-activity;sid:84485150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622049)"; flow:established,from_client; content:"GET"; http_method; content:"/rnf1seck2x.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622049/; classtype:trojan-activity;sid:84485149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622048)"; flow:established,from_client; content:"GET"; http_method; content:"/dr62rvdrep.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622048/; classtype:trojan-activity;sid:84485148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622047)"; flow:established,from_client; content:"GET"; http_method; content:"/hit.google|3f|t=6a7bmknm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vast.kuryc7yy1.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622047/; classtype:trojan-activity;sid:84485147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.250.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622046/; classtype:trojan-activity;sid:84485146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.106.231.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622045/; classtype:trojan-activity;sid:84485145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.235.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622044/; classtype:trojan-activity;sid:84485144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.52.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622043/; classtype:trojan-activity;sid:84485143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.109.157.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622042/; classtype:trojan-activity;sid:84485142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622041/; classtype:trojan-activity;sid:84485141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.106.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622040/; classtype:trojan-activity;sid:84485140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622039/; classtype:trojan-activity;sid:84485139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.58.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622038/; classtype:trojan-activity;sid:84485138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.235.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622037/; classtype:trojan-activity;sid:84485137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622036)"; flow:established,from_client; content:"GET"; http_method; content:"/age.check|3f|t=wrj7b4qg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tiny.kuryc7yy1.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622036/; classtype:trojan-activity;sid:84485136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622035)"; flow:established,from_client; content:"GET"; http_method; content:"/60um5hzhh6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622035/; classtype:trojan-activity;sid:84485135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622034)"; flow:established,from_client; content:"GET"; http_method; content:"/528i6lbxl3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kli.sojokiy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622034/; classtype:trojan-activity;sid:84485134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622032)"; flow:established,from_client; content:"GET"; http_method; content:"/wet.google|3f|t=iwqbkfq0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pink.kuryc7yy1.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622032/; classtype:trojan-activity;sid:84485132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.106.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622033/; classtype:trojan-activity;sid:84485133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622030)"; flow:established,from_client; content:"GET"; http_method; content:"/d8m7npouxd.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm.sojokiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622030/; classtype:trojan-activity;sid:84485130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622031)"; flow:established,from_client; content:"GET"; http_method; content:"/tuj79kfjzf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm.sojokiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622031/; classtype:trojan-activity;sid:84485131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622029/; classtype:trojan-activity;sid:84485129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622028/; classtype:trojan-activity;sid:84485128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622027/; classtype:trojan-activity;sid:84485127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.205.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622026/; classtype:trojan-activity;sid:84485126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.122.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622025/; classtype:trojan-activity;sid:84485125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622024)"; flow:established,from_client; content:"GET"; http_method; content:"/wq0z1o8nxb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm.sojokiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622024/; classtype:trojan-activity;sid:84485124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622022)"; flow:established,from_client; content:"GET"; http_method; content:"/vsqg236i41.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm.sojokiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622022/; classtype:trojan-activity;sid:84485122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622023)"; flow:established,from_client; content:"GET"; http_method; content:"/scalp.check|3f|t=ql0gco40"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"a.dasurie36.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622023/; classtype:trojan-activity;sid:84485123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.41.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622021/; classtype:trojan-activity;sid:84485121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622020)"; flow:established,from_client; content:"GET"; http_method; content:"/asus.google|3f|t=kd8soh1p"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"l.dasurie36.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622020/; classtype:trojan-activity;sid:84485120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622019)"; flow:established,from_client; content:"GET"; http_method; content:"/rcdhie1x6a.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vex.naberui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622019/; classtype:trojan-activity;sid:84485119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622018)"; flow:established,from_client; content:"GET"; http_method; content:"/qg2wek4f0f.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vex.naberui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622018/; classtype:trojan-activity;sid:84485118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622017/; classtype:trojan-activity;sid:84485117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622016/; classtype:trojan-activity;sid:84485116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.63.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622015/; classtype:trojan-activity;sid:84485115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.122.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622014/; classtype:trojan-activity;sid:84485114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622013)"; flow:established,from_client; content:"GET"; http_method; content:"/k2ct9pcxs4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vex.naberui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622013/; classtype:trojan-activity;sid:84485113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622012)"; flow:established,from_client; content:"GET"; http_method; content:"/sec.check|3f|t=jqq32p9q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.wofaraa29.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622012/; classtype:trojan-activity;sid:84485112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.194.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622011/; classtype:trojan-activity;sid:84485111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622010)"; flow:established,from_client; content:"GET"; http_method; content:"/kddzmvm35m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hl.naberui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622010/; classtype:trojan-activity;sid:84485110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.64.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622009/; classtype:trojan-activity;sid:84485109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvdyak8k3m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hl.naberui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622007/; classtype:trojan-activity;sid:84485107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622008)"; flow:established,from_client; content:"GET"; http_method; content:"/oyscwswzgg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hl.naberui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622008/; classtype:trojan-activity;sid:84485108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622006)"; flow:established,from_client; content:"GET"; http_method; content:"/key.check|3f|t=wz6lt2r9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.kilut4ou8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622006/; classtype:trojan-activity;sid:84485106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622005/; classtype:trojan-activity;sid:84485105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.240.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622004/; classtype:trojan-activity;sid:84485104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622003/; classtype:trojan-activity;sid:84485103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.124.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622002/; classtype:trojan-activity;sid:84485102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.133.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622001/; classtype:trojan-activity;sid:84485101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622000/; classtype:trojan-activity;sid:84485100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.174.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621999/; classtype:trojan-activity;sid:84485099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.157.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621998/; classtype:trojan-activity;sid:84485098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621997)"; flow:established,from_client; content:"GET"; http_method; content:"/pec4c59977.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hl.naberui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621997/; classtype:trojan-activity;sid:84485097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.63.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621996/; classtype:trojan-activity;sid:84485096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621995)"; flow:established,from_client; content:"GET"; http_method; content:"/evxdkfdlu9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hl.naberui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621995/; classtype:trojan-activity;sid:84485095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621994)"; flow:established,from_client; content:"GET"; http_method; content:"/map.google|3f|t=l5b0vo3g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"e.kilut4ou8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621994/; classtype:trojan-activity;sid:84485094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.240.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621993/; classtype:trojan-activity;sid:84485093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.18.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621992/; classtype:trojan-activity;sid:84485092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621991/; classtype:trojan-activity;sid:84485091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621990)"; flow:established,from_client; content:"GET"; http_method; content:"/loaderuwu/djquhzuahuza/blob/main/discord.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621990/; classtype:trojan-activity;sid:84485090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621989)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5394971402/ybldsxh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621989/; classtype:trojan-activity;sid:84485089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621988)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1432673981/lckhqgu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621988/; classtype:trojan-activity;sid:84485088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621987)"; flow:established,from_client; content:"GET"; http_method; content:"/loaderuwu/salutt/raw/refs/heads/main/output.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621987/; classtype:trojan-activity;sid:84485087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621986)"; flow:established,from_client; content:"GET"; http_method; content:"/loaderuwu/salutt/releases/download/x0sex/output.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621986/; classtype:trojan-activity;sid:84485086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621985)"; flow:established,from_client; content:"GET"; http_method; content:"/loaderuwu/cooc/blob/main/output%20(1).exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621985/; classtype:trojan-activity;sid:84485085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621982)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cxjrqmn29cxhzbglccru9ocy2vvi5jvfrwwcxztcvletwdexvqv5yurqpjeb1dch39vqzqpmzbqboixejtggestzfulpradx6kurphzjj7tw68oroc3dpn9a4tiewkcgxjjm3u6gmlhra3yqo-pmnei2/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucfce6958ec89bab3c337ec2560e.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621982/; classtype:trojan-activity;sid:84485082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621983)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621983/; classtype:trojan-activity;sid:84485083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.174.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621981/; classtype:trojan-activity;sid:84485081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.146.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621980/; classtype:trojan-activity;sid:84485080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621979)"; flow:established,from_client; content:"GET"; http_method; content:"/bfm89j6ary.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rka.qisytui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621979/; classtype:trojan-activity;sid:84485079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621977)"; flow:established,from_client; content:"GET"; http_method; content:"/zoo.check|3f|t=sra15aey"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.kilut4ou8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621977/; classtype:trojan-activity;sid:84485077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621978)"; flow:established,from_client; content:"GET"; http_method; content:"/mlcd4backf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rka.qisytui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621978/; classtype:trojan-activity;sid:84485078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621976)"; flow:established,from_client; content:"GET"; http_method; content:"/kibqgx68ai.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621976/; classtype:trojan-activity;sid:84485076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621975)"; flow:established,from_client; content:"GET"; http_method; content:"/bed.google|3f|t=6dunn7hp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t.kilut4ou8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621975/; classtype:trojan-activity;sid:84485075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621974)"; flow:established,from_client; content:"GET"; http_method; content:"/7sgjenw2pn.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621974/; classtype:trojan-activity;sid:84485074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.172.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621973/; classtype:trojan-activity;sid:84485073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.146.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621972/; classtype:trojan-activity;sid:84485072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.110.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621971/; classtype:trojan-activity;sid:84485071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621969)"; flow:established,from_client; content:"GET"; http_method; content:"/nxzfp9wms9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621969/; classtype:trojan-activity;sid:84485069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621970)"; flow:established,from_client; content:"GET"; http_method; content:"/ray.check|3f|t=desj3x7p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"on.kilut4ou8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621970/; classtype:trojan-activity;sid:84485070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621968)"; flow:established,from_client; content:"GET"; http_method; content:"/7649gvm0p6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621968/; classtype:trojan-activity;sid:84485068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.217.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621967/; classtype:trojan-activity;sid:84485067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.30.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621966/; classtype:trojan-activity;sid:84485066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621965)"; flow:established,from_client; content:"GET"; http_method; content:"/kcez86g83e.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621965/; classtype:trojan-activity;sid:84485065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621964)"; flow:established,from_client; content:"GET"; http_method; content:"/ear.google|3f|t=iwj1jnk8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bo.gunim5yi8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621964/; classtype:trojan-activity;sid:84485064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621963)"; flow:established,from_client; content:"GET"; http_method; content:"/vp5s54zhwc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yn.qisytui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621963/; classtype:trojan-activity;sid:84485063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.235.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621962/; classtype:trojan-activity;sid:84485062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621961/; classtype:trojan-activity;sid:84485061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.4.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621960/; classtype:trojan-activity;sid:84485060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.163.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621959/; classtype:trojan-activity;sid:84485059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.177.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621958/; classtype:trojan-activity;sid:84485058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621957)"; flow:established,from_client; content:"GET"; http_method; content:"/3gilacjhle.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mta.sapafou.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621957/; classtype:trojan-activity;sid:84485057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621956)"; flow:established,from_client; content:"GET"; http_method; content:"/gap.check|3f|t=k7e4f9oj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pe.gunim5yi8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621956/; classtype:trojan-activity;sid:84485056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621955)"; flow:established,from_client; content:"GET"; http_method; content:"/qnatwk4lpa.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mta.sapafou.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621955/; classtype:trojan-activity;sid:84485055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.4.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621954/; classtype:trojan-activity;sid:84485054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621953)"; flow:established,from_client; content:"GET"; http_method; content:"/hat.google|3f|t=y0og1fsp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wd.gunim5yi8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621953/; classtype:trojan-activity;sid:84485053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621952)"; flow:established,from_client; content:"GET"; http_method; content:"/ebejetvn2n.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.sapafou.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621952/; classtype:trojan-activity;sid:84485052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621951)"; flow:established,from_client; content:"GET"; http_method; content:"/1s8twd7kfe.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.sapafou.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621951/; classtype:trojan-activity;sid:84485051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.235.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621950/; classtype:trojan-activity;sid:84485050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.202.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621947/; classtype:trojan-activity;sid:84485047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.202.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621948/; classtype:trojan-activity;sid:84485048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.87.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621949/; classtype:trojan-activity;sid:84485049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.31.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621943/; classtype:trojan-activity;sid:84485043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.95.25.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621944/; classtype:trojan-activity;sid:84485044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621945/; classtype:trojan-activity;sid:84485045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.177.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621946/; classtype:trojan-activity;sid:84485046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.148.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621942/; classtype:trojan-activity;sid:84485042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621940/; classtype:trojan-activity;sid:84485040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.240.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621941/; classtype:trojan-activity;sid:84485041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621939)"; flow:established,from_client; content:"GET"; http_method; content:"/7y7y.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mtmra.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621939/; classtype:trojan-activity;sid:84485039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621938)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mtmra.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621938/; classtype:trojan-activity;sid:84485038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621937)"; flow:established,from_client; content:"GET"; http_method; content:"/7b50107d852f42df8b20aef2f2854add_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621937/; classtype:trojan-activity;sid:84485037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621936)"; flow:established,from_client; content:"GET"; http_method; content:"/d131ceb3b559401490aca6464a4986ef_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621936/; classtype:trojan-activity;sid:84485036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621935)"; flow:established,from_client; content:"GET"; http_method; content:"/90129a48641c4917b0bb758f24ee45ba_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621935/; classtype:trojan-activity;sid:84485035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621934)"; flow:established,from_client; content:"GET"; http_method; content:"/d894235f6aac4a15b4b51e29d5adeac3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621934/; classtype:trojan-activity;sid:84485034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.30.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621933/; classtype:trojan-activity;sid:84485033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621932)"; flow:established,from_client; content:"GET"; http_method; content:"/wvbmpzgn2cdvlhv.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621932/; classtype:trojan-activity;sid:84485032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621931)"; flow:established,from_client; content:"GET"; http_method; content:"/uxo.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621931/; classtype:trojan-activity;sid:84485031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621930)"; flow:established,from_client; content:"GET"; http_method; content:"/gaselier.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621930/; classtype:trojan-activity;sid:84485030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621929)"; flow:established,from_client; content:"GET"; http_method; content:"/pokey.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621929/; classtype:trojan-activity;sid:84485029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621928)"; flow:established,from_client; content:"GET"; http_method; content:"/oucmrzhcohffzmn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621928/; classtype:trojan-activity;sid:84485028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621927)"; flow:established,from_client; content:"GET"; http_method; content:"/img/keepingbestgoldwithbetterplacesgoodforme.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621927/; classtype:trojan-activity;sid:84485027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621926)"; flow:established,from_client; content:"GET"; http_method; content:"/122/verybestfeelingseverygotfrommybestplacess.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621926/; classtype:trojan-activity;sid:84485026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621925/; classtype:trojan-activity;sid:84485025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621924)"; flow:established,from_client; content:"GET"; http_method; content:"/500/verygoodpeoplesaroundtheowrldwithbestfturueforme.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621924/; classtype:trojan-activity;sid:84485024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621923)"; flow:established,from_client; content:"GET"; http_method; content:"/update/2908.pdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2908.photolives.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621923/; classtype:trojan-activity;sid:84485023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621920)"; flow:established,from_client; content:"GET"; http_method; content:"/dd4517d760bb43ffaf57b426808fc91d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621920/; classtype:trojan-activity;sid:84485020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621921)"; flow:established,from_client; content:"GET"; http_method; content:"/dda45bc6697f47ef9866999b08f1bc37_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621921/; classtype:trojan-activity;sid:84485021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621922)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2013029379/h6e2syq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621922/; classtype:trojan-activity;sid:84485022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621919)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7435642179/iprkvbx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621919/; classtype:trojan-activity;sid:84485019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621918)"; flow:established,from_client; content:"GET"; http_method; content:"/top.check|3f|t=tw8kk3kz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"te.gunim5yi8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621918/; classtype:trojan-activity;sid:84485018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621916)"; flow:established,from_client; content:"GET"; http_method; content:"/p655nnmsbf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.sapafou.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621916/; classtype:trojan-activity;sid:84485016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621917)"; flow:established,from_client; content:"GET"; http_method; content:"/7lyds4d6a9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.sapafou.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621917/; classtype:trojan-activity;sid:84485017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621915/; classtype:trojan-activity;sid:84485015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621914)"; flow:established,from_client; content:"GET"; http_method; content:"/56fye5l2m2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"piv.laqygye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621914/; classtype:trojan-activity;sid:84485014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.163.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621913/; classtype:trojan-activity;sid:84485013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621912)"; flow:established,from_client; content:"GET"; http_method; content:"/red.google|3f|t=rqn1kdl1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"star.gunim5yi8.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621912/; classtype:trojan-activity;sid:84485012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621911)"; flow:established,from_client; content:"GET"; http_method; content:"/dy4wym21yk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"piv.laqygye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621911/; classtype:trojan-activity;sid:84485011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621910)"; flow:established,from_client; content:"GET"; http_method; content:"/nu94j10lrv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"piv.laqygye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621910/; classtype:trojan-activity;sid:84485010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621908/; classtype:trojan-activity;sid:84485008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621909/; classtype:trojan-activity;sid:84485009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621906/; classtype:trojan-activity;sid:84485006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621907)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621907/; classtype:trojan-activity;sid:84485007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621900)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621900/; classtype:trojan-activity;sid:84485000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621901)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621901/; classtype:trojan-activity;sid:84485001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621902)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621902/; classtype:trojan-activity;sid:84485002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621903)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621903/; classtype:trojan-activity;sid:84485003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621904)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621904/; classtype:trojan-activity;sid:84485004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621905)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621905/; classtype:trojan-activity;sid:84485005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621899/; classtype:trojan-activity;sid:84484999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.232.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621898/; classtype:trojan-activity;sid:84484998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.91.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621897/; classtype:trojan-activity;sid:84484997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621896/; classtype:trojan-activity;sid:84484996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.203.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621895/; classtype:trojan-activity;sid:84484995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621894/; classtype:trojan-activity;sid:84484994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.143.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621893/; classtype:trojan-activity;sid:84484993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.115.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621892/; classtype:trojan-activity;sid:84484992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.91.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621891/; classtype:trojan-activity;sid:84484991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.225.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621890/; classtype:trojan-activity;sid:84484990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.228.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621889/; classtype:trojan-activity;sid:84484989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.161.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621888/; classtype:trojan-activity;sid:84484988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621886)"; flow:established,from_client; content:"GET"; http_method; content:"/sky.google|3f|t=3sl5azph"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"deep.lilek4au2.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621886/; classtype:trojan-activity;sid:84484986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621887)"; flow:established,from_client; content:"GET"; http_method; content:"/af8j9fi7q1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"piv.laqygye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621887/; classtype:trojan-activity;sid:84484987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.142.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621885/; classtype:trojan-activity;sid:84484985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621884)"; flow:established,from_client; content:"GET"; http_method; content:"/56l0ac7b45.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"piv.laqygye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621884/; classtype:trojan-activity;sid:84484984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.203.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621883/; classtype:trojan-activity;sid:84484983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621882/; classtype:trojan-activity;sid:84484982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.25.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621881/; classtype:trojan-activity;sid:84484981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621880)"; flow:established,from_client; content:"GET"; http_method; content:"/way.check|3f|t=h6o3fiyh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"luck.pykokiu43.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621880/; classtype:trojan-activity;sid:84484980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621879)"; flow:established,from_client; content:"GET"; http_method; content:"/alcqih8g4p.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gx.laqygye.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621879/; classtype:trojan-activity;sid:84484979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621878)"; flow:established,from_client; content:"GET"; http_method; content:"/80g24jyk2s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zod.wofelee.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621878/; classtype:trojan-activity;sid:84484978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621877)"; flow:established,from_client; content:"GET"; http_method; content:"/p0fbpr79nv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621877/; classtype:trojan-activity;sid:84484977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621876)"; flow:established,from_client; content:"GET"; http_method; content:"/best.check|3f|t=qesfwz2u"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bet.pykokiu43.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621876/; classtype:trojan-activity;sid:84484976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621875)"; flow:established,from_client; content:"GET"; http_method; content:"/6j1ifr1l66.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621875/; classtype:trojan-activity;sid:84484975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.39.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621874/; classtype:trojan-activity;sid:84484974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.245.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621873/; classtype:trojan-activity;sid:84484973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621872/; classtype:trojan-activity;sid:84484972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621871/; classtype:trojan-activity;sid:84484971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.34.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621870/; classtype:trojan-activity;sid:84484970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.51.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621869/; classtype:trojan-activity;sid:84484969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.25.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621868/; classtype:trojan-activity;sid:84484968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.172.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621867/; classtype:trojan-activity;sid:84484967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621866)"; flow:established,from_client; content:"GET"; http_method; content:"/ydouj98jz3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621866/; classtype:trojan-activity;sid:84484966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621865)"; flow:established,from_client; content:"GET"; http_method; content:"/add.google|3f|t=y8ilwztj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"also.pykokiu43.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621865/; classtype:trojan-activity;sid:84484965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621864)"; flow:established,from_client; content:"GET"; http_method; content:"/3cg2fes9y0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621864/; classtype:trojan-activity;sid:84484964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.220.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621863/; classtype:trojan-activity;sid:84484963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.28.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621861/; classtype:trojan-activity;sid:84484961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.34.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621862/; classtype:trojan-activity;sid:84484962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621860/; classtype:trojan-activity;sid:84484960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.167.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621859/; classtype:trojan-activity;sid:84484959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621858)"; flow:established,from_client; content:"GET"; http_method; content:"/v3enugigb8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621858/; classtype:trojan-activity;sid:84484958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621856)"; flow:established,from_client; content:"GET"; http_method; content:"/defi.google|3f|t=7xzh912s"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xrp.dasurie36.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621856/; classtype:trojan-activity;sid:84484956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621857)"; flow:established,from_client; content:"GET"; http_method; content:"/2dc065f62ee8774c2517bf4c4d2c1211"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"md.rexykye2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621857/; classtype:trojan-activity;sid:84484957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621855/; classtype:trojan-activity;sid:84484955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621854)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1944164565/jczqebt.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621854/; classtype:trojan-activity;sid:84484954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621853)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7907473703/yotyygx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621853/; classtype:trojan-activity;sid:84484953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.39.131.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621852/; classtype:trojan-activity;sid:84484952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.220.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621851/; classtype:trojan-activity;sid:84484951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.203.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621850/; classtype:trojan-activity;sid:84484950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.3.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621849/; classtype:trojan-activity;sid:84484949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.39.131.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621848/; classtype:trojan-activity;sid:84484948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621847/; classtype:trojan-activity;sid:84484947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.190.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621846/; classtype:trojan-activity;sid:84484946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.206.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621845/; classtype:trojan-activity;sid:84484945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.206.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621844/; classtype:trojan-activity;sid:84484944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.203.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621843/; classtype:trojan-activity;sid:84484943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621842)"; flow:established,from_client; content:"GET"; http_method; content:"/9my9nez6rk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fj.wofelee.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621842/; classtype:trojan-activity;sid:84484942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.89.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621841/; classtype:trojan-activity;sid:84484941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.28.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621840/; classtype:trojan-activity;sid:84484940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.3.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621839/; classtype:trojan-activity;sid:84484939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.214.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621838/; classtype:trojan-activity;sid:84484938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.159.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621837/; classtype:trojan-activity;sid:84484937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621836)"; flow:established,from_client; content:"GET"; http_method; content:"/files/632800492/uicxgwf.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621836/; classtype:trojan-activity;sid:84484936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621835)"; flow:established,from_client; content:"GET"; http_method; content:"/uwonka6bg3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621835/; classtype:trojan-activity;sid:84484935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.189.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621834/; classtype:trojan-activity;sid:84484934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.173.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621833/; classtype:trojan-activity;sid:84484933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.134.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621832/; classtype:trojan-activity;sid:84484932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.124.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621831/; classtype:trojan-activity;sid:84484931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621830)"; flow:established,from_client; content:"GET"; http_method; content:"/f36bw6sej9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621830/; classtype:trojan-activity;sid:84484930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.134.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621829/; classtype:trojan-activity;sid:84484929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621828/; classtype:trojan-activity;sid:84484928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.140.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621827/; classtype:trojan-activity;sid:84484927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621826/; classtype:trojan-activity;sid:84484926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621825)"; flow:established,from_client; content:"GET"; http_method; content:"/ffsul6jxne.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621825/; classtype:trojan-activity;sid:84484925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.34.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621824/; classtype:trojan-activity;sid:84484924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621823/; classtype:trojan-activity;sid:84484923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.116.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621822/; classtype:trojan-activity;sid:84484922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621821/; classtype:trojan-activity;sid:84484921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.251.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621820/; classtype:trojan-activity;sid:84484920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.189.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621819/; classtype:trojan-activity;sid:84484919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.140.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621818/; classtype:trojan-activity;sid:84484918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621817/; classtype:trojan-activity;sid:84484917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621816/; classtype:trojan-activity;sid:84484916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621815/; classtype:trojan-activity;sid:84484915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621814)"; flow:established,from_client; content:"GET"; http_method; content:"/frtuhzk8eq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621814/; classtype:trojan-activity;sid:84484914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.248.44.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621813/; classtype:trojan-activity;sid:84484913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621812/; classtype:trojan-activity;sid:84484912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.255.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621811/; classtype:trojan-activity;sid:84484911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621810)"; flow:established,from_client; content:"GET"; http_method; content:"/1zgljz0q22.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621810/; classtype:trojan-activity;sid:84484910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621809/; classtype:trojan-activity;sid:84484909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.189.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621808/; classtype:trojan-activity;sid:84484908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.15.157.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621807/; classtype:trojan-activity;sid:84484907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621806)"; flow:established,from_client; content:"GET"; http_method; content:"/1qnned7d5z.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621806/; classtype:trojan-activity;sid:84484906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621805/; classtype:trojan-activity;sid:84484905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.161.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621800/; classtype:trojan-activity;sid:84484900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.203.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621801/; classtype:trojan-activity;sid:84484901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.66.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621802/; classtype:trojan-activity;sid:84484902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.205.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621803/; classtype:trojan-activity;sid:84484903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.138.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621804/; classtype:trojan-activity;sid:84484904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621796/; classtype:trojan-activity;sid:84484896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621797/; classtype:trojan-activity;sid:84484897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.41.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621798/; classtype:trojan-activity;sid:84484898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621799/; classtype:trojan-activity;sid:84484899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.187.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621795/; classtype:trojan-activity;sid:84484895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621794)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909062802.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"gianfranco.great-site.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621794/; classtype:trojan-activity;sid:84484894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621793)"; flow:established,from_client; content:"GET"; http_method; content:"/1vvqum.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621793/; classtype:trojan-activity;sid:84484893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621791)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfshare/documents.ps1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"patrickhicks.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621791/; classtype:trojan-activity;sid:84484891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621792)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfshare/document.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"patrickhicks.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621792/; classtype:trojan-activity;sid:84484892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621790)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909022841.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"gianfranco.great-site.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621790/; classtype:trojan-activity;sid:84484890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621788)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909022829.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"gianfranco.great-site.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621788/; classtype:trojan-activity;sid:84484888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621789)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909091801.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"lowkee.lovestoblog.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621789/; classtype:trojan-activity;sid:84484889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621787)"; flow:established,from_client; content:"GET"; http_method; content:"/5suyts1spl.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621787/; classtype:trojan-activity;sid:84484887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621786)"; flow:established,from_client; content:"GET"; http_method; content:"/janikas.chm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"serralux.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621786/; classtype:trojan-activity;sid:84484886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.2.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621785/; classtype:trojan-activity;sid:84484885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621784)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_xck_noi-ayrajokr5exikj7ismwcwtp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621784/; classtype:trojan-activity;sid:84484884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621783)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/breakingforth.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621783/; classtype:trojan-activity;sid:84484883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621782)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/iacn.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f-capture.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621782/; classtype:trojan-activity;sid:84484882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.190.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621781/; classtype:trojan-activity;sid:84484881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621780)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910093026.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"howtianxxx.xo.je"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621780/; classtype:trojan-activity;sid:84484880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621779)"; flow:established,from_client; content:"GET"; http_method; content:"/qzilsmzbkn_08/03.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621779/; classtype:trojan-activity;sid:84484879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621777)"; flow:established,from_client; content:"GET"; http_method; content:"/qzilsmzbkn_08//02.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621777/; classtype:trojan-activity;sid:84484877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621778)"; flow:established,from_client; content:"GET"; http_method; content:"/qzilsmzbkn_08//01.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621778/; classtype:trojan-activity;sid:84484878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.202.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621776/; classtype:trojan-activity;sid:84484876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621775)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/trwfarcak6scxu6bawx3m/agent.rut.7.6.2.0.exe.com|3f|rlkey=kezjmassbkksfipnlxwj0hy9i|7c|26|7c|st=yfl40qxb|7c|26|7c|dl=1"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621775/; classtype:trojan-activity;sid:84484875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621774)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910001134.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tamarindglobal.ct.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621774/; classtype:trojan-activity;sid:84484874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621773)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjbqadn3x6qwikbrhlfoncqtqj1dd90f"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621773/; classtype:trojan-activity;sid:84484873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621772)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sebkfwgj7ob8qlw-w6sgkjm8vccwnurz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621772/; classtype:trojan-activity;sid:84484872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621771)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910000647.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tamarindglobal.ct.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621771/; classtype:trojan-activity;sid:84484871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621769)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16bk6tem1d2cda9galawhzg2pmsttw-bj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621769/; classtype:trojan-activity;sid:84484869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621770)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aueqztmb-z5meb2l6g3hwlaewne3x7ox"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621770/; classtype:trojan-activity;sid:84484870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.187.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621768/; classtype:trojan-activity;sid:84484868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.70.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621767/; classtype:trojan-activity;sid:84484867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621766)"; flow:established,from_client; content:"GET"; http_method; content:"/q4xe0721yg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621766/; classtype:trojan-activity;sid:84484866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.2.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621765/; classtype:trojan-activity;sid:84484865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.122.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621764/; classtype:trojan-activity;sid:84484864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.190.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621763/; classtype:trojan-activity;sid:84484863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.64.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621762/; classtype:trojan-activity;sid:84484862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.14.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621761/; classtype:trojan-activity;sid:84484861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621760/; classtype:trojan-activity;sid:84484860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621759)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909084330.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"boekportret-nl.gt.tc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621759/; classtype:trojan-activity;sid:84484859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621758)"; flow:established,from_client; content:"GET"; http_method; content:"/az2zqc.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621758/; classtype:trojan-activity;sid:84484858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621756)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mwb9mee-jrnauhajip70indlgqzxiyem"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621756/; classtype:trojan-activity;sid:84484856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621755)"; flow:established,from_client; content:"GET"; http_method; content:"/yci0lv.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621755/; classtype:trojan-activity;sid:84484855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aefijhkoexondxr1m_fuk2cgsy_kgmec"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621754/; classtype:trojan-activity;sid:84484854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621752)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910215653.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"testinnew2025.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621752/; classtype:trojan-activity;sid:84484852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621751)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910215615.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"testinnew2025.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621751/; classtype:trojan-activity;sid:84484851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621750)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250911041007.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"boekportret-nl.gt.tc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621750/; classtype:trojan-activity;sid:84484850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621749/; classtype:trojan-activity;sid:84484849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.128.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621748/; classtype:trojan-activity;sid:84484848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.181.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621747/; classtype:trojan-activity;sid:84484847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.122.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621746/; classtype:trojan-activity;sid:84484846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621745)"; flow:established,from_client; content:"GET"; http_method; content:"/fclgqxkynvgbvtnqju85.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fda.sa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621745/; classtype:trojan-activity;sid:84484845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621744)"; flow:established,from_client; content:"GET"; http_method; content:"/spiralfjedres.u32"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tildaras.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621744/; classtype:trojan-activity;sid:84484844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621743)"; flow:established,from_client; content:"GET"; http_method; content:"/i5wcp9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621743/; classtype:trojan-activity;sid:84484843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621742)"; flow:established,from_client; content:"GET"; http_method; content:"/v0w9kr.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621742/; classtype:trojan-activity;sid:84484842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.30.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621741/; classtype:trojan-activity;sid:84484841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.147.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621740/; classtype:trojan-activity;sid:84484840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.188.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621739/; classtype:trojan-activity;sid:84484839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621738)"; flow:established,from_client; content:"GET"; http_method; content:"/qe33zbrtpd.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621738/; classtype:trojan-activity;sid:84484838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.245.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621737/; classtype:trojan-activity;sid:84484837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621736/; classtype:trojan-activity;sid:84484836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.92.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621735/; classtype:trojan-activity;sid:84484835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.30.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621734/; classtype:trojan-activity;sid:84484834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.37.188.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621733/; classtype:trojan-activity;sid:84484833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621732)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910094048.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"universitariaglobal.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621732/; classtype:trojan-activity;sid:84484832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621731)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250910094054.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"universitariaglobal.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621731/; classtype:trojan-activity;sid:84484831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621730)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=tuesworm.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bafybeidh7qmb6ck3xgi2fkuqsoxoc6afxue5nw64fzmjiu35xkkkvy6yqi.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621730/; classtype:trojan-activity;sid:84484830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621729/; classtype:trojan-activity;sid:84484829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.156.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621728/; classtype:trojan-activity;sid:84484828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.87.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621727/; classtype:trojan-activity;sid:84484827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.87.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621726/; classtype:trojan-activity;sid:84484826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621725)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250911010035.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621725/; classtype:trojan-activity;sid:84484825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.103.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621724/; classtype:trojan-activity;sid:84484824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621723)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909083708.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"gianfranco.great-site.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621723/; classtype:trojan-activity;sid:84484823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621722)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909062810.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"gianfranco.great-site.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621722/; classtype:trojan-activity;sid:84484822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621721)"; flow:established,from_client; content:"GET"; http_method; content:"/file/v209update.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ups-supp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621721/; classtype:trojan-activity;sid:84484821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621720)"; flow:established,from_client; content:"GET"; http_method; content:"/oca95/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621720/; classtype:trojan-activity;sid:84484820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621719)"; flow:established,from_client; content:"GET"; http_method; content:"/s20hs9vc1n.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621719/; classtype:trojan-activity;sid:84484819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.161.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621718/; classtype:trojan-activity;sid:84484818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.184.75.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621717/; classtype:trojan-activity;sid:84484817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621716)"; flow:established,from_client; content:"GET"; http_method; content:"/imgs/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621716/; classtype:trojan-activity;sid:84484816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621715)"; flow:established,from_client; content:"GET"; http_method; content:"/img/keepingbestgoldwithbetterplacesgoodforme.hta"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"96.44.159.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621715/; classtype:trojan-activity;sid:84484815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.103.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621714/; classtype:trojan-activity;sid:84484814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.215.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621713/; classtype:trojan-activity;sid:84484813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621712)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.82.10.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621712/; classtype:trojan-activity;sid:84484812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621711)"; flow:established,from_client; content:"GET"; http_method; content:"/file/v209update.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"app-ups.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621711/; classtype:trojan-activity;sid:84484811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621710)"; flow:established,from_client; content:"GET"; http_method; content:"/z26d6fxqz8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621710/; classtype:trojan-activity;sid:84484810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.33.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621709/; classtype:trojan-activity;sid:84484809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621707)"; flow:established,from_client; content:"GET"; http_method; content:"/10sp.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.71.14.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621707/; classtype:trojan-activity;sid:84484807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621708)"; flow:established,from_client; content:"GET"; http_method; content:"/precomposition.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"202.71.14.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621708/; classtype:trojan-activity;sid:84484808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.184.75.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621706/; classtype:trojan-activity;sid:84484806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.215.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621705/; classtype:trojan-activity;sid:84484805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621704)"; flow:established,from_client; content:"GET"; http_method; content:"/8og0ci1gc4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621704/; classtype:trojan-activity;sid:84484804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621703/; classtype:trojan-activity;sid:84484803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.223.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621702/; classtype:trojan-activity;sid:84484802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.77.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621701/; classtype:trojan-activity;sid:84484801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.147.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621700/; classtype:trojan-activity;sid:84484800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621698)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621698/; classtype:trojan-activity;sid:84484798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621699)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621699/; classtype:trojan-activity;sid:84484799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621674)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621674/; classtype:trojan-activity;sid:84484774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621675)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621675/; classtype:trojan-activity;sid:84484775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621676)"; flow:established,from_client; content:"GET"; http_method; content:"/m/moobs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621676/; classtype:trojan-activity;sid:84484776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621677)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621677/; classtype:trojan-activity;sid:84484777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621678)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621678/; classtype:trojan-activity;sid:84484778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621679)"; flow:established,from_client; content:"GET"; http_method; content:"/m/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621679/; classtype:trojan-activity;sid:84484779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621680)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621680/; classtype:trojan-activity;sid:84484780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621681)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621681/; classtype:trojan-activity;sid:84484781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621682)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5998301158/xb6igmy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621682/; classtype:trojan-activity;sid:84484782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621683)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.i686"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621683/; classtype:trojan-activity;sid:84484783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621684)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621684/; classtype:trojan-activity;sid:84484784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621685)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621685/; classtype:trojan-activity;sid:84484785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.249.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621686/; classtype:trojan-activity;sid:84484786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621687)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621687/; classtype:trojan-activity;sid:84484787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621688)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621688/; classtype:trojan-activity;sid:84484788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621689)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621689/; classtype:trojan-activity;sid:84484789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621690)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621690/; classtype:trojan-activity;sid:84484790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621691)"; flow:established,from_client; content:"GET"; http_method; content:"/m/i.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621691/; classtype:trojan-activity;sid:84484791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621692)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621692/; classtype:trojan-activity;sid:84484792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621693)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621693/; classtype:trojan-activity;sid:84484793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621694)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621694/; classtype:trojan-activity;sid:84484794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621695)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621695/; classtype:trojan-activity;sid:84484795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621696)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2773385.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621696/; classtype:trojan-activity;sid:84484796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.121.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621697/; classtype:trojan-activity;sid:84484797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621673)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|campaignid=45628|7c|26|7c|groupid=130392846921|7c|26|7c|targetid=kwd-10005570"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"windefender.best"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621673/; classtype:trojan-activity;sid:84484773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621670)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7839547778/qdhlvvz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621670/; classtype:trojan-activity;sid:84484770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621671)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6441410640/7d1bbkv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621671/; classtype:trojan-activity;sid:84484771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621672)"; flow:established,from_client; content:"GET"; http_method; content:"/tujg.mkv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.17.58.0x31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621672/; classtype:trojan-activity;sid:84484772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621669/; classtype:trojan-activity;sid:84484769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621668/; classtype:trojan-activity;sid:84484768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.34.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621667/; classtype:trojan-activity;sid:84484767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621666/; classtype:trojan-activity;sid:84484766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.87.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621665/; classtype:trojan-activity;sid:84484765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621664)"; flow:established,from_client; content:"GET"; http_method; content:"/3rw68ow9ls.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621664/; classtype:trojan-activity;sid:84484764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.60.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621663/; classtype:trojan-activity;sid:84484763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621662/; classtype:trojan-activity;sid:84484762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.38.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621661/; classtype:trojan-activity;sid:84484761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.12.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621660/; classtype:trojan-activity;sid:84484760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.115.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621659/; classtype:trojan-activity;sid:84484759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621658)"; flow:established,from_client; content:"GET"; http_method; content:"/dscbu4yaa8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621658/; classtype:trojan-activity;sid:84484758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621657/; classtype:trojan-activity;sid:84484757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.149.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621656/; classtype:trojan-activity;sid:84484756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.184.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621655/; classtype:trojan-activity;sid:84484755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.162.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621654/; classtype:trojan-activity;sid:84484754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.38.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621653/; classtype:trojan-activity;sid:84484753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.175.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621652/; classtype:trojan-activity;sid:84484752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.83.53.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621651/; classtype:trojan-activity;sid:84484751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.52.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621649/; classtype:trojan-activity;sid:84484749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621650/; classtype:trojan-activity;sid:84484750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.190.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621648/; classtype:trojan-activity;sid:84484748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.149.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621647/; classtype:trojan-activity;sid:84484747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.75.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621646/; classtype:trojan-activity;sid:84484746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621645)"; flow:established,from_client; content:"GET"; http_method; content:"/ds1e6nrw96.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621645/; classtype:trojan-activity;sid:84484745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.162.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621644/; classtype:trojan-activity;sid:84484744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621643)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8292810163/hopveuf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621643/; classtype:trojan-activity;sid:84484743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.144.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621642/; classtype:trojan-activity;sid:84484742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621640)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8283443171/8otvjwa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621640/; classtype:trojan-activity;sid:84484740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8350398681/yqshjws.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621641/; classtype:trojan-activity;sid:84484741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621639/; classtype:trojan-activity;sid:84484739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.83.53.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621638/; classtype:trojan-activity;sid:84484738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.17.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621637/; classtype:trojan-activity;sid:84484737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.75.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621636/; classtype:trojan-activity;sid:84484736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.227.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621635/; classtype:trojan-activity;sid:84484735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.187.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621634/; classtype:trojan-activity;sid:84484734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621633/; classtype:trojan-activity;sid:84484733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.190.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621632/; classtype:trojan-activity;sid:84484732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621631/; classtype:trojan-activity;sid:84484731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621630/; classtype:trojan-activity;sid:84484730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.52.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621629/; classtype:trojan-activity;sid:84484729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621628)"; flow:established,from_client; content:"GET"; http_method; content:"/ak3ewll4fz.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621628/; classtype:trojan-activity;sid:84484728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621627/; classtype:trojan-activity;sid:84484727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.240.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621626/; classtype:trojan-activity;sid:84484726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.187.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621625/; classtype:trojan-activity;sid:84484725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621623/; classtype:trojan-activity;sid:84484723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621624/; classtype:trojan-activity;sid:84484724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621622)"; flow:established,from_client; content:"GET"; http_method; content:"/hlumukw05m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621622/; classtype:trojan-activity;sid:84484722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621620/; classtype:trojan-activity;sid:84484720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.223.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621621/; classtype:trojan-activity;sid:84484721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621618/; classtype:trojan-activity;sid:84484718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621619/; classtype:trojan-activity;sid:84484719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.189.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621615/; classtype:trojan-activity;sid:84484715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.204.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621616/; classtype:trojan-activity;sid:84484716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621617/; classtype:trojan-activity;sid:84484717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621610/; classtype:trojan-activity;sid:84484710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621611/; classtype:trojan-activity;sid:84484711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621612/; classtype:trojan-activity;sid:84484712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621613/; classtype:trojan-activity;sid:84484713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621614/; classtype:trojan-activity;sid:84484714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.7.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621609/; classtype:trojan-activity;sid:84484709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.240.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621608/; classtype:trojan-activity;sid:84484708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621607/; classtype:trojan-activity;sid:84484707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.101.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621606/; classtype:trojan-activity;sid:84484706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.217.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621605/; classtype:trojan-activity;sid:84484705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.7.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621604/; classtype:trojan-activity;sid:84484704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621603/; classtype:trojan-activity;sid:84484703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.140.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621602/; classtype:trojan-activity;sid:84484702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621601/; classtype:trojan-activity;sid:84484701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.155.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621600/; classtype:trojan-activity;sid:84484700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.13.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621599/; classtype:trojan-activity;sid:84484699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.52.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621598/; classtype:trojan-activity;sid:84484698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.39.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621597/; classtype:trojan-activity;sid:84484697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621596/; classtype:trojan-activity;sid:84484696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621595/; classtype:trojan-activity;sid:84484695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.13.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621594/; classtype:trojan-activity;sid:84484694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621593)"; flow:established,from_client; content:"GET"; http_method; content:"/kprce6glux.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621593/; classtype:trojan-activity;sid:84484693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.134.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621592/; classtype:trojan-activity;sid:84484692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621591/; classtype:trojan-activity;sid:84484691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.39.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621590/; classtype:trojan-activity;sid:84484690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621589/; classtype:trojan-activity;sid:84484689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.105.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621588/; classtype:trojan-activity;sid:84484688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.244.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621587/; classtype:trojan-activity;sid:84484687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.155.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621586/; classtype:trojan-activity;sid:84484686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.30.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621585/; classtype:trojan-activity;sid:84484685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621584/; classtype:trojan-activity;sid:84484684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.244.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621583/; classtype:trojan-activity;sid:84484683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.76.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621582/; classtype:trojan-activity;sid:84484682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.30.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621581/; classtype:trojan-activity;sid:84484681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621580/; classtype:trojan-activity;sid:84484680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621579/; classtype:trojan-activity;sid:84484679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621578/; classtype:trojan-activity;sid:84484678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.155.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621577/; classtype:trojan-activity;sid:84484677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.21.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621576/; classtype:trojan-activity;sid:84484676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.229.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621575/; classtype:trojan-activity;sid:84484675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.3.87.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621574/; classtype:trojan-activity;sid:84484674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621573/; classtype:trojan-activity;sid:84484673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.196.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621572/; classtype:trojan-activity;sid:84484672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.21.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621571/; classtype:trojan-activity;sid:84484671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.30.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621570/; classtype:trojan-activity;sid:84484670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621569/; classtype:trojan-activity;sid:84484669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621568/; classtype:trojan-activity;sid:84484668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621567)"; flow:established,from_client; content:"GET"; http_method; content:"/msx5sy4lgo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621567/; classtype:trojan-activity;sid:84484667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621566/; classtype:trojan-activity;sid:84484666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.132.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621565/; classtype:trojan-activity;sid:84484665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621564/; classtype:trojan-activity;sid:84484664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.14.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621563/; classtype:trojan-activity;sid:84484663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.17.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621562/; classtype:trojan-activity;sid:84484662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621561/; classtype:trojan-activity;sid:84484661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.39.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621559/; classtype:trojan-activity;sid:84484659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621560/; classtype:trojan-activity;sid:84484660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.14.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621558/; classtype:trojan-activity;sid:84484658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.132.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621557/; classtype:trojan-activity;sid:84484657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.145.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621556/; classtype:trojan-activity;sid:84484656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621555/; classtype:trojan-activity;sid:84484655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.117.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621554/; classtype:trojan-activity;sid:84484654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621553/; classtype:trojan-activity;sid:84484653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621552/; classtype:trojan-activity;sid:84484652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.217.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621551/; classtype:trojan-activity;sid:84484651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.234.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621550/; classtype:trojan-activity;sid:84484650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.178.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621549/; classtype:trojan-activity;sid:84484649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.121.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621548/; classtype:trojan-activity;sid:84484648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621547/; classtype:trojan-activity;sid:84484647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.41.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621546/; classtype:trojan-activity;sid:84484646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.163.57.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621545/; classtype:trojan-activity;sid:84484645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621544/; classtype:trojan-activity;sid:84484644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621543/; classtype:trojan-activity;sid:84484643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.178.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621542/; classtype:trojan-activity;sid:84484642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.114.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621541/; classtype:trojan-activity;sid:84484641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.143.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621540/; classtype:trojan-activity;sid:84484640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621539)"; flow:established,from_client; content:"GET"; http_method; content:"/em693jirrs.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.rawimoi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621539/; classtype:trojan-activity;sid:84484639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.41.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621538/; classtype:trojan-activity;sid:84484638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621537/; classtype:trojan-activity;sid:84484637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.43.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621536/; classtype:trojan-activity;sid:84484636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621535/; classtype:trojan-activity;sid:84484635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.174.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621534/; classtype:trojan-activity;sid:84484634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621533)"; flow:established,from_client; content:"GET"; http_method; content:"/oshuphm3o1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ql.dapusey.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621533/; classtype:trojan-activity;sid:84484633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.216.246.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621532/; classtype:trojan-activity;sid:84484632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621531)"; flow:established,from_client; content:"GET"; http_method; content:"/ras8z4v785.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ql.dapusey.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621531/; classtype:trojan-activity;sid:84484631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.147.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621530/; classtype:trojan-activity;sid:84484630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.154.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621529/; classtype:trojan-activity;sid:84484629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621528/; classtype:trojan-activity;sid:84484628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621527/; classtype:trojan-activity;sid:84484627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621526)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621526/; classtype:trojan-activity;sid:84484626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621506)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621506/; classtype:trojan-activity;sid:84484606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621507)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621507/; classtype:trojan-activity;sid:84484607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621508/; classtype:trojan-activity;sid:84484608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621509)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621509/; classtype:trojan-activity;sid:84484609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621510)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621510/; classtype:trojan-activity;sid:84484610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621511)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621511/; classtype:trojan-activity;sid:84484611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621512/; classtype:trojan-activity;sid:84484612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621513)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621513/; classtype:trojan-activity;sid:84484613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621514)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621514/; classtype:trojan-activity;sid:84484614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621515)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621515/; classtype:trojan-activity;sid:84484615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621516)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621516/; classtype:trojan-activity;sid:84484616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621517)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621517/; classtype:trojan-activity;sid:84484617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621518)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621518/; classtype:trojan-activity;sid:84484618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621519)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621519/; classtype:trojan-activity;sid:84484619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621520)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621520/; classtype:trojan-activity;sid:84484620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621521)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621521/; classtype:trojan-activity;sid:84484621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621522)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621522/; classtype:trojan-activity;sid:84484622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621523)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621523/; classtype:trojan-activity;sid:84484623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621524)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621524/; classtype:trojan-activity;sid:84484624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621525)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621525/; classtype:trojan-activity;sid:84484625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621504)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621504/; classtype:trojan-activity;sid:84484604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621505)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621505/; classtype:trojan-activity;sid:84484605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.147.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621503/; classtype:trojan-activity;sid:84484603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621502)"; flow:established,from_client; content:"GET"; http_method; content:"/4zrs7vyj52.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621502/; classtype:trojan-activity;sid:84484602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.70.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621501/; classtype:trojan-activity;sid:84484601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.244.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621500/; classtype:trojan-activity;sid:84484600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.42.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621499/; classtype:trojan-activity;sid:84484599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.109.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621498/; classtype:trojan-activity;sid:84484598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621497)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621497/; classtype:trojan-activity;sid:84484597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621495)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"aftermaths-attraction.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621495/; classtype:trojan-activity;sid:84484595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621496)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfwklaw.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621496/; classtype:trojan-activity;sid:84484596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621494)"; flow:established,from_client; content:"GET"; http_method; content:"/4e7h.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rfwklaw.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621494/; classtype:trojan-activity;sid:84484594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621491/; classtype:trojan-activity;sid:84484591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.3.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621492/; classtype:trojan-activity;sid:84484592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.148.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621493/; classtype:trojan-activity;sid:84484593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.14.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621488/; classtype:trojan-activity;sid:84484588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.160.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621489/; classtype:trojan-activity;sid:84484589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621490/; classtype:trojan-activity;sid:84484590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621487/; classtype:trojan-activity;sid:84484587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.156.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621486/; classtype:trojan-activity;sid:84484586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.33.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621485/; classtype:trojan-activity;sid:84484585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621484/; classtype:trojan-activity;sid:84484584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.244.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621483/; classtype:trojan-activity;sid:84484583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.211.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621482/; classtype:trojan-activity;sid:84484582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.42.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621481/; classtype:trojan-activity;sid:84484581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621480)"; flow:established,from_client; content:"GET"; http_method; content:"/hrsmo2bqrf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621480/; classtype:trojan-activity;sid:84484580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621479/; classtype:trojan-activity;sid:84484579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.211.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621478/; classtype:trojan-activity;sid:84484578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621477/; classtype:trojan-activity;sid:84484577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621476)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.19.22.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621476/; classtype:trojan-activity;sid:84484576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621475)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.117.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621475/; classtype:trojan-activity;sid:84484575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621473)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.34.66.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621473/; classtype:trojan-activity;sid:84484573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621474)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.147.232.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621474/; classtype:trojan-activity;sid:84484574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621472)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.213.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621472/; classtype:trojan-activity;sid:84484572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621460)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.155.165.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621460/; classtype:trojan-activity;sid:84484560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.18.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621461/; classtype:trojan-activity;sid:84484561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621462)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.244.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621462/; classtype:trojan-activity;sid:84484562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621463)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.224.139.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621463/; classtype:trojan-activity;sid:84484563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621464)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.169.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621464/; classtype:trojan-activity;sid:84484564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621465)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.83.163.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621465/; classtype:trojan-activity;sid:84484565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621466)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"221.132.29.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621466/; classtype:trojan-activity;sid:84484566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621467)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.2.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621467/; classtype:trojan-activity;sid:84484567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621468)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.26.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621468/; classtype:trojan-activity;sid:84484568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621469)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.95.135.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621469/; classtype:trojan-activity;sid:84484569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621470)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621470/; classtype:trojan-activity;sid:84484570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621471)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.4.24.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621471/; classtype:trojan-activity;sid:84484571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"138.197.83.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621459/; classtype:trojan-activity;sid:84484559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.112.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621458/; classtype:trojan-activity;sid:84484558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.116.153.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621457/; classtype:trojan-activity;sid:84484557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.189.106.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621456/; classtype:trojan-activity;sid:84484556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.232.235.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621455/; classtype:trojan-activity;sid:84484555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.87.89.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621451/; classtype:trojan-activity;sid:84484551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.53.18.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621452/; classtype:trojan-activity;sid:84484552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.152.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621453/; classtype:trojan-activity;sid:84484553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.147.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621454/; classtype:trojan-activity;sid:84484554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.120.133.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621443/; classtype:trojan-activity;sid:84484543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.138.176.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621444/; classtype:trojan-activity;sid:84484544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.69.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621445/; classtype:trojan-activity;sid:84484545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.60.211.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621446/; classtype:trojan-activity;sid:84484546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.137.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621447/; classtype:trojan-activity;sid:84484547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.152.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621448/; classtype:trojan-activity;sid:84484548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.87.1.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621449/; classtype:trojan-activity;sid:84484549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.161.76.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621450/; classtype:trojan-activity;sid:84484550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.214.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621442/; classtype:trojan-activity;sid:84484542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.46.22.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621441/; classtype:trojan-activity;sid:84484541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621440)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621440/; classtype:trojan-activity;sid:84484540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.188.100.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621439/; classtype:trojan-activity;sid:84484539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621426/; classtype:trojan-activity;sid:84484526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621427)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.75.66.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621427/; classtype:trojan-activity;sid:84484527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621428)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.132.64.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621428/; classtype:trojan-activity;sid:84484528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621429)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.75.66.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621429/; classtype:trojan-activity;sid:84484529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621430)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.41.157.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621430/; classtype:trojan-activity;sid:84484530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621431)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.21.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621431/; classtype:trojan-activity;sid:84484531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621432)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.180.194.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621432/; classtype:trojan-activity;sid:84484532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621433)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.248.12.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621433/; classtype:trojan-activity;sid:84484533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621434)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.236.188.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621434/; classtype:trojan-activity;sid:84484534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621435)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.188.100.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621435/; classtype:trojan-activity;sid:84484535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621436)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.85.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621436/; classtype:trojan-activity;sid:84484536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.85.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621437/; classtype:trojan-activity;sid:84484537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621438)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.99.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621438/; classtype:trojan-activity;sid:84484538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621422)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621422/; classtype:trojan-activity;sid:84484522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621423)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621423/; classtype:trojan-activity;sid:84484523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621424)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.249.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621424/; classtype:trojan-activity;sid:84484524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621425)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.249.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621425/; classtype:trojan-activity;sid:84484525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621421)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.249.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621421/; classtype:trojan-activity;sid:84484521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621420)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621420/; classtype:trojan-activity;sid:84484520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621419)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621419/; classtype:trojan-activity;sid:84484519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621416)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.150.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621416/; classtype:trojan-activity;sid:84484516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621417)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.138.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621417/; classtype:trojan-activity;sid:84484517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621418)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.131.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621418/; classtype:trojan-activity;sid:84484518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.60.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621415/; classtype:trojan-activity;sid:84484515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621414/; classtype:trojan-activity;sid:84484514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621413)"; flow:established,from_client; content:"GET"; http_method; content:"/f1xm0dzfgr.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621413/; classtype:trojan-activity;sid:84484513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.62.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621412/; classtype:trojan-activity;sid:84484512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.159.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621411/; classtype:trojan-activity;sid:84484511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.99.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621410/; classtype:trojan-activity;sid:84484510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.60.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621409/; classtype:trojan-activity;sid:84484509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.86.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621408/; classtype:trojan-activity;sid:84484508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.9.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621407/; classtype:trojan-activity;sid:84484507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.229.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621406/; classtype:trojan-activity;sid:84484506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.62.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621405/; classtype:trojan-activity;sid:84484505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.239.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621404/; classtype:trojan-activity;sid:84484504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.86.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621402/; classtype:trojan-activity;sid:84484502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621403)"; flow:established,from_client; content:"GET"; http_method; content:"/j2hyju6mwo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621403/; classtype:trojan-activity;sid:84484503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.134.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621401/; classtype:trojan-activity;sid:84484501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.111.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621400/; classtype:trojan-activity;sid:84484500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621399)"; flow:established,from_client; content:"GET"; http_method; content:"/8si31e4ito.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621399/; classtype:trojan-activity;sid:84484499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621398/; classtype:trojan-activity;sid:84484498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.146.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621397/; classtype:trojan-activity;sid:84484497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621396/; classtype:trojan-activity;sid:84484496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621395/; classtype:trojan-activity;sid:84484495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.15.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621393/; classtype:trojan-activity;sid:84484493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.134.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621394/; classtype:trojan-activity;sid:84484494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.201.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621392/; classtype:trojan-activity;sid:84484492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.55.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621391/; classtype:trojan-activity;sid:84484491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621390/; classtype:trojan-activity;sid:84484490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621389/; classtype:trojan-activity;sid:84484489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621388)"; flow:established,from_client; content:"GET"; http_method; content:"/mbo4g85j35.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621388/; classtype:trojan-activity;sid:84484488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.48.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621387/; classtype:trojan-activity;sid:84484487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.163.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621385/; classtype:trojan-activity;sid:84484485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.146.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621386/; classtype:trojan-activity;sid:84484486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.239.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621384/; classtype:trojan-activity;sid:84484484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.15.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621383/; classtype:trojan-activity;sid:84484483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.80.109.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621382/; classtype:trojan-activity;sid:84484482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621381/; classtype:trojan-activity;sid:84484481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621379)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping4.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621379/; classtype:trojan-activity;sid:84484479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621380)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping3.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621380/; classtype:trojan-activity;sid:84484480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621378)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping1.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621378/; classtype:trojan-activity;sid:84484478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621375)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping6.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621375/; classtype:trojan-activity;sid:84484475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621376)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping2.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621376/; classtype:trojan-activity;sid:84484476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621377)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping5.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621377/; classtype:trojan-activity;sid:84484477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621373)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8292810163/hopveuf.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621373/; classtype:trojan-activity;sid:84484473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621374)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping9.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621374/; classtype:trojan-activity;sid:84484474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621370)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping8.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621370/; classtype:trojan-activity;sid:84484470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621371)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping7.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621371/; classtype:trojan-activity;sid:84484471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621372)"; flow:established,from_client; content:"GET"; http_method; content:"/bz.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ms-team-ping10.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621372/; classtype:trojan-activity;sid:84484472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621369/; classtype:trojan-activity;sid:84484469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.55.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621368/; classtype:trojan-activity;sid:84484468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.163.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621367/; classtype:trojan-activity;sid:84484467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.186.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621366/; classtype:trojan-activity;sid:84484466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.80.109.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621365/; classtype:trojan-activity;sid:84484465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621364/; classtype:trojan-activity;sid:84484464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621363)"; flow:established,from_client; content:"GET"; http_method; content:"/i3op3z3fqs.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621363/; classtype:trojan-activity;sid:84484463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.103.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621362/; classtype:trojan-activity;sid:84484462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.138.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621361/; classtype:trojan-activity;sid:84484461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621360/; classtype:trojan-activity;sid:84484460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621359/; classtype:trojan-activity;sid:84484459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.229.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621357/; classtype:trojan-activity;sid:84484457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621358/; classtype:trojan-activity;sid:84484458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.103.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621356/; classtype:trojan-activity;sid:84484456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.186.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621355/; classtype:trojan-activity;sid:84484455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621354/; classtype:trojan-activity;sid:84484454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621353)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5394971402/kmaegw8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621353/; classtype:trojan-activity;sid:84484453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621352/; classtype:trojan-activity;sid:84484452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.246.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621351/; classtype:trojan-activity;sid:84484451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621350/; classtype:trojan-activity;sid:84484450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621349/; classtype:trojan-activity;sid:84484449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621348/; classtype:trojan-activity;sid:84484448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621347)"; flow:established,from_client; content:"GET"; http_method; content:"/ifnz2rxzru.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vk.denumeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621347/; classtype:trojan-activity;sid:84484447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.237.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621346/; classtype:trojan-activity;sid:84484446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.33.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621345/; classtype:trojan-activity;sid:84484445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621344)"; flow:established,from_client; content:"GET"; http_method; content:"/ry5e1uos5s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.zyrupoe.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621344/; classtype:trojan-activity;sid:84484444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621343/; classtype:trojan-activity;sid:84484443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.120.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621342/; classtype:trojan-activity;sid:84484442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.138.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621341/; classtype:trojan-activity;sid:84484441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621340)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5998301158/fnnxojf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621340/; classtype:trojan-activity;sid:84484440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.130.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621339/; classtype:trojan-activity;sid:84484439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.246.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621337/; classtype:trojan-activity;sid:84484437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.237.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621338/; classtype:trojan-activity;sid:84484438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621336)"; flow:established,from_client; content:"GET"; http_method; content:"/t5t3xeeld7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.zyrupoe.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621336/; classtype:trojan-activity;sid:84484436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621335/; classtype:trojan-activity;sid:84484435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621334)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621334/; classtype:trojan-activity;sid:84484434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621333)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621333/; classtype:trojan-activity;sid:84484433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621332)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621332/; classtype:trojan-activity;sid:84484432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621323)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621323/; classtype:trojan-activity;sid:84484423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621324)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621324/; classtype:trojan-activity;sid:84484424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621325)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621325/; classtype:trojan-activity;sid:84484425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621326)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621326/; classtype:trojan-activity;sid:84484426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621327/; classtype:trojan-activity;sid:84484427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621328)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621328/; classtype:trojan-activity;sid:84484428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621329)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621329/; classtype:trojan-activity;sid:84484429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621330)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621330/; classtype:trojan-activity;sid:84484430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621331)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621331/; classtype:trojan-activity;sid:84484431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.120.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621322/; classtype:trojan-activity;sid:84484422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621321/; classtype:trojan-activity;sid:84484421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.130.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621320/; classtype:trojan-activity;sid:84484420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.60.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621319/; classtype:trojan-activity;sid:84484419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621318)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621318/; classtype:trojan-activity;sid:84484418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621312)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621312/; classtype:trojan-activity;sid:84484412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621313)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621313/; classtype:trojan-activity;sid:84484413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621314)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621314/; classtype:trojan-activity;sid:84484414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621315)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621315/; classtype:trojan-activity;sid:84484415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621316)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621316/; classtype:trojan-activity;sid:84484416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621317)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621317/; classtype:trojan-activity;sid:84484417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621309)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621309/; classtype:trojan-activity;sid:84484409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621310)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621310/; classtype:trojan-activity;sid:84484410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621311)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621311/; classtype:trojan-activity;sid:84484411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621308)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621308/; classtype:trojan-activity;sid:84484408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.55.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621306/; classtype:trojan-activity;sid:84484406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621307)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621307/; classtype:trojan-activity;sid:84484407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.92.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621302/; classtype:trojan-activity;sid:84484402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.216.240.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621303/; classtype:trojan-activity;sid:84484403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.30.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621304/; classtype:trojan-activity;sid:84484404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.159.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621305/; classtype:trojan-activity;sid:84484405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621300)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621300/; classtype:trojan-activity;sid:84484400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.162.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621301/; classtype:trojan-activity;sid:84484401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621299)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.106.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621299/; classtype:trojan-activity;sid:84484399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.140.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621298/; classtype:trojan-activity;sid:84484398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621297/; classtype:trojan-activity;sid:84484397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621296/; classtype:trojan-activity;sid:84484396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621295/; classtype:trojan-activity;sid:84484395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.60.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621294/; classtype:trojan-activity;sid:84484394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621293)"; flow:established,from_client; content:"GET"; http_method; content:"/hslhihtnu2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.zyrupoe.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621293/; classtype:trojan-activity;sid:84484393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621292/; classtype:trojan-activity;sid:84484392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.161.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621291/; classtype:trojan-activity;sid:84484391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621290)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5988343637/hwp3bdg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621290/; classtype:trojan-activity;sid:84484390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.228.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621289/; classtype:trojan-activity;sid:84484389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621288/; classtype:trojan-activity;sid:84484388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621287/; classtype:trojan-activity;sid:84484387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621286)"; flow:established,from_client; content:"GET"; http_method; content:"/r9ftguahri.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.fypufea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621286/; classtype:trojan-activity;sid:84484386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621284/; classtype:trojan-activity;sid:84484384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.77.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621285/; classtype:trojan-activity;sid:84484385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621283/; classtype:trojan-activity;sid:84484383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.169.214.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621282/; classtype:trojan-activity;sid:84484382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.169.214.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621281/; classtype:trojan-activity;sid:84484381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.158.74.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621280/; classtype:trojan-activity;sid:84484380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.114.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621279/; classtype:trojan-activity;sid:84484379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.77.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621278/; classtype:trojan-activity;sid:84484378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.228.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621277/; classtype:trojan-activity;sid:84484377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621276)"; flow:established,from_client; content:"GET"; http_method; content:"/docx/file2.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"heuang.unaux.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621276/; classtype:trojan-activity;sid:84484376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621275)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1944164565/ccmrprh.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621275/; classtype:trojan-activity;sid:84484375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621274/; classtype:trojan-activity;sid:84484374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.196.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621273/; classtype:trojan-activity;sid:84484373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621272/; classtype:trojan-activity;sid:84484372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.152.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621271/; classtype:trojan-activity;sid:84484371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621270/; classtype:trojan-activity;sid:84484370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.158.74.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621269/; classtype:trojan-activity;sid:84484369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621268)"; flow:established,from_client; content:"GET"; http_method; content:"/gxu6zcfdx2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.fypufea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621268/; classtype:trojan-activity;sid:84484368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621267/; classtype:trojan-activity;sid:84484367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.170.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621266/; classtype:trojan-activity;sid:84484366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.152.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621265/; classtype:trojan-activity;sid:84484365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.120.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621264/; classtype:trojan-activity;sid:84484364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.52.142.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621263/; classtype:trojan-activity;sid:84484363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.44.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621262/; classtype:trojan-activity;sid:84484362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.116.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621261/; classtype:trojan-activity;sid:84484361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621260)"; flow:established,from_client; content:"GET"; http_method; content:"/debyeg7o5v.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.fypufea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621260/; classtype:trojan-activity;sid:84484360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.170.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621259/; classtype:trojan-activity;sid:84484359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.144.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621258/; classtype:trojan-activity;sid:84484358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.96.130.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621257/; classtype:trojan-activity;sid:84484357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621256/; classtype:trojan-activity;sid:84484356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.52.142.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621255/; classtype:trojan-activity;sid:84484355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621254)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7521979641/xza7buk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621254/; classtype:trojan-activity;sid:84484354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621253)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5988343637/x83nv13.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621253/; classtype:trojan-activity;sid:84484353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621252)"; flow:established,from_client; content:"GET"; http_method; content:"/gelgmire04-ops/ne-leute-/raw/main/built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621252/; classtype:trojan-activity;sid:84484352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621251)"; flow:established,from_client; content:"GET"; http_method; content:"/karrieresk.smi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shinobisistema.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621251/; classtype:trojan-activity;sid:84484351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621250)"; flow:established,from_client; content:"GET"; http_method; content:"/gelgmire04-ops/ne-leute-/main/built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621250/; classtype:trojan-activity;sid:84484350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621249)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8473904794/1pernam.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621249/; classtype:trojan-activity;sid:84484349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621248)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dmoneii.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621248/; classtype:trojan-activity;sid:84484348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.164.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621247/; classtype:trojan-activity;sid:84484347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621246)"; flow:established,from_client; content:"GET"; http_method; content:"/tt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621246/; classtype:trojan-activity;sid:84484346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621245)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621245/; classtype:trojan-activity;sid:84484345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621244)"; flow:established,from_client; content:"GET"; http_method; content:"/wo7h5hvtya.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.fypufea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621244/; classtype:trojan-activity;sid:84484344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621243/; classtype:trojan-activity;sid:84484343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621242/; classtype:trojan-activity;sid:84484342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621241)"; flow:established,from_client; content:"GET"; http_method; content:"/y2x550dcw0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.fypufea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621241/; classtype:trojan-activity;sid:84484341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.171.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621240/; classtype:trojan-activity;sid:84484340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621239/; classtype:trojan-activity;sid:84484339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621238/; classtype:trojan-activity;sid:84484338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621237/; classtype:trojan-activity;sid:84484337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621236/; classtype:trojan-activity;sid:84484336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621235)"; flow:established,from_client; content:"GET"; http_method; content:"/p2pzz63323.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tiv.lizusey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621235/; classtype:trojan-activity;sid:84484335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.1.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621234/; classtype:trojan-activity;sid:84484334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621233/; classtype:trojan-activity;sid:84484333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621232/; classtype:trojan-activity;sid:84484332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621231/; classtype:trojan-activity;sid:84484331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621230/; classtype:trojan-activity;sid:84484330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621229/; classtype:trojan-activity;sid:84484329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621228/; classtype:trojan-activity;sid:84484328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621227/; classtype:trojan-activity;sid:84484327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621226)"; flow:established,from_client; content:"GET"; http_method; content:"/o0shrdk14i.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ym.lizusey.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621226/; classtype:trojan-activity;sid:84484326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.230.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621225/; classtype:trojan-activity;sid:84484325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.143.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621224/; classtype:trojan-activity;sid:84484324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.115.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621223/; classtype:trojan-activity;sid:84484323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621222/; classtype:trojan-activity;sid:84484322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621221/; classtype:trojan-activity;sid:84484321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621220/; classtype:trojan-activity;sid:84484320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621219)"; flow:established,from_client; content:"GET"; http_method; content:"/clpcdrty3n.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ym.lizusey.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621219/; classtype:trojan-activity;sid:84484319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.229.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621218/; classtype:trojan-activity;sid:84484318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621217/; classtype:trojan-activity;sid:84484317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.230.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621216/; classtype:trojan-activity;sid:84484316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621215/; classtype:trojan-activity;sid:84484315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621214/; classtype:trojan-activity;sid:84484314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621213)"; flow:established,from_client; content:"GET"; http_method; content:"/hgo0w5q7pf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lup.gowuhei.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621213/; classtype:trojan-activity;sid:84484313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621212/; classtype:trojan-activity;sid:84484312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.143.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621211/; classtype:trojan-activity;sid:84484311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621210/; classtype:trojan-activity;sid:84484310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621186/; classtype:trojan-activity;sid:84484286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621187/; classtype:trojan-activity;sid:84484287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621188/; classtype:trojan-activity;sid:84484288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621189/; classtype:trojan-activity;sid:84484289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621190/; classtype:trojan-activity;sid:84484290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621191/; classtype:trojan-activity;sid:84484291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621192/; classtype:trojan-activity;sid:84484292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621193/; classtype:trojan-activity;sid:84484293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621194/; classtype:trojan-activity;sid:84484294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621195/; classtype:trojan-activity;sid:84484295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621196/; classtype:trojan-activity;sid:84484296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621197/; classtype:trojan-activity;sid:84484297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621198)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621198/; classtype:trojan-activity;sid:84484298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621199/; classtype:trojan-activity;sid:84484299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621200)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621200/; classtype:trojan-activity;sid:84484300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621201)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621201/; classtype:trojan-activity;sid:84484301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621202/; classtype:trojan-activity;sid:84484302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621203)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621203/; classtype:trojan-activity;sid:84484303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621204)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621204/; classtype:trojan-activity;sid:84484304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621205)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621205/; classtype:trojan-activity;sid:84484305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621206)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621206/; classtype:trojan-activity;sid:84484306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621207)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621207/; classtype:trojan-activity;sid:84484307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621208)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621208/; classtype:trojan-activity;sid:84484308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621209)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.159.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621209/; classtype:trojan-activity;sid:84484309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621185/; classtype:trojan-activity;sid:84484285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621184/; classtype:trojan-activity;sid:84484284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.229.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621183/; classtype:trojan-activity;sid:84484283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621182/; classtype:trojan-activity;sid:84484282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.83.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621181/; classtype:trojan-activity;sid:84484281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621180)"; flow:established,from_client; content:"GET"; http_method; content:"/2c4iokavi1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.gowuhei.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621180/; classtype:trojan-activity;sid:84484280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.16.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621179/; classtype:trojan-activity;sid:84484279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.29.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621178/; classtype:trojan-activity;sid:84484278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.29.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621177/; classtype:trojan-activity;sid:84484277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.8.87.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621176/; classtype:trojan-activity;sid:84484276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.247.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621174/; classtype:trojan-activity;sid:84484274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621175/; classtype:trojan-activity;sid:84484275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621173)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.14.254.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621173/; classtype:trojan-activity;sid:84484273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621169/; classtype:trojan-activity;sid:84484269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.228.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621170/; classtype:trojan-activity;sid:84484270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.247.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621171/; classtype:trojan-activity;sid:84484271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621172/; classtype:trojan-activity;sid:84484272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.167.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621166/; classtype:trojan-activity;sid:84484266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.26.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621167/; classtype:trojan-activity;sid:84484267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.19.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621168/; classtype:trojan-activity;sid:84484268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621165/; classtype:trojan-activity;sid:84484265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.198.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621164/; classtype:trojan-activity;sid:84484264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621163/; classtype:trojan-activity;sid:84484263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.247.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621162/; classtype:trojan-activity;sid:84484262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.4.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621161/; classtype:trojan-activity;sid:84484261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621160)"; flow:established,from_client; content:"GET"; http_method; content:"/l2pctqw63f.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vex.zyrupoe.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621160/; classtype:trojan-activity;sid:84484260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.121.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621159/; classtype:trojan-activity;sid:84484259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.229.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621158/; classtype:trojan-activity;sid:84484258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.121.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621156/; classtype:trojan-activity;sid:84484256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621157/; classtype:trojan-activity;sid:84484257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.248.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621155/; classtype:trojan-activity;sid:84484255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.4.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621154/; classtype:trojan-activity;sid:84484254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.8.87.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621153/; classtype:trojan-activity;sid:84484253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621152/; classtype:trojan-activity;sid:84484252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621151)"; flow:established,from_client; content:"GET"; http_method; content:"/s141crn1rx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kl.zyrupoe.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621151/; classtype:trojan-activity;sid:84484251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.1.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621150/; classtype:trojan-activity;sid:84484250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621149)"; flow:established,from_client; content:"GET"; http_method; content:"/5ffqov9rir.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kl.zyrupoe.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621149/; classtype:trojan-activity;sid:84484249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621148/; classtype:trojan-activity;sid:84484248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621147/; classtype:trojan-activity;sid:84484247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.18.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621146/; classtype:trojan-activity;sid:84484246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.206.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621145/; classtype:trojan-activity;sid:84484245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621144)"; flow:established,from_client; content:"GET"; http_method; content:"/qng6xa5hia.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kl.zyrupoe.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621144/; classtype:trojan-activity;sid:84484244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.26.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621143/; classtype:trojan-activity;sid:84484243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621142/; classtype:trojan-activity;sid:84484242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621141/; classtype:trojan-activity;sid:84484241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.127.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621140/; classtype:trojan-activity;sid:84484240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621139)"; flow:established,from_client; content:"GET"; http_method; content:"/g09e6mqcyk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kl.zyrupoe.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621139/; classtype:trojan-activity;sid:84484239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.174.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621138/; classtype:trojan-activity;sid:84484238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.207.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621137/; classtype:trojan-activity;sid:84484237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.157.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621135/; classtype:trojan-activity;sid:84484235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621136)"; flow:established,from_client; content:"GET"; http_method; content:"/tevucjmjcg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mri.jozotea.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621136/; classtype:trojan-activity;sid:84484236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.127.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621134/; classtype:trojan-activity;sid:84484234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.161.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621133/; classtype:trojan-activity;sid:84484233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.219.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621132/; classtype:trojan-activity;sid:84484232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.159.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621131/; classtype:trojan-activity;sid:84484231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621130)"; flow:established,from_client; content:"GET"; http_method; content:"/bbzjho5hrn.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qx.jozotea.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621130/; classtype:trojan-activity;sid:84484230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.161.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621129/; classtype:trojan-activity;sid:84484229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621128/; classtype:trojan-activity;sid:84484228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621127/; classtype:trojan-activity;sid:84484227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621126)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250909162352.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"universitariaglobal.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621126/; classtype:trojan-activity;sid:84484226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.228.197.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621125/; classtype:trojan-activity;sid:84484225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621124)"; flow:established,from_client; content:"GET"; http_method; content:"/demeane.mdp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621124/; classtype:trojan-activity;sid:84484224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621123)"; flow:established,from_client; content:"GET"; http_method; content:"/hygieistfj.xtp"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621123/; classtype:trojan-activity;sid:84484223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621122)"; flow:established,from_client; content:"GET"; http_method; content:"/paedo.afm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621122/; classtype:trojan-activity;sid:84484222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621121)"; flow:established,from_client; content:"GET"; http_method; content:"/abonne.ttf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621121/; classtype:trojan-activity;sid:84484221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621120)"; flow:established,from_client; content:"GET"; http_method; content:"/poyxwijxpngjo204.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621120/; classtype:trojan-activity;sid:84484220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621119)"; flow:established,from_client; content:"GET"; http_method; content:"/yshdp160.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"oborploiesti.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621119/; classtype:trojan-activity;sid:84484219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.219.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621118/; classtype:trojan-activity;sid:84484218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.114.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621117/; classtype:trojan-activity;sid:84484217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621116/; classtype:trojan-activity;sid:84484216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.133.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621115/; classtype:trojan-activity;sid:84484215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621110)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621110/; classtype:trojan-activity;sid:84484210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621111)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621111/; classtype:trojan-activity;sid:84484211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621112)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621112/; classtype:trojan-activity;sid:84484212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621113)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm5n"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621113/; classtype:trojan-activity;sid:84484213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621114)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621114/; classtype:trojan-activity;sid:84484214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621109)"; flow:established,from_client; content:"GET"; http_method; content:"/9k1hkuq66r.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621109/; classtype:trojan-activity;sid:84484209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621108)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.90.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621108/; classtype:trojan-activity;sid:84484208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621106/; classtype:trojan-activity;sid:84484206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i468"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621107/; classtype:trojan-activity;sid:84484207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621105)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/wealthyblessings.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621105/; classtype:trojan-activity;sid:84484205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.36.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621104/; classtype:trojan-activity;sid:84484204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621103/; classtype:trojan-activity;sid:84484203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.159.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621102/; classtype:trojan-activity;sid:84484202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.228.197.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621101/; classtype:trojan-activity;sid:84484201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621100)"; flow:established,from_client; content:"GET"; http_method; content:"/af0765d30f1c4ee89f2e510bec369f76_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621100/; classtype:trojan-activity;sid:84484200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621099/; classtype:trojan-activity;sid:84484199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621097/; classtype:trojan-activity;sid:84484197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.144.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621098/; classtype:trojan-activity;sid:84484198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621096)"; flow:established,from_client; content:"GET"; http_method; content:"/3b74657c54e3466199fa9fcce50e5ef7_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621096/; classtype:trojan-activity;sid:84484196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621095)"; flow:established,from_client; content:"GET"; http_method; content:"/1ee1258f40d24aee8ea52ff58f049c71_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621095/; classtype:trojan-activity;sid:84484195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621094)"; flow:established,from_client; content:"GET"; http_method; content:"/bffc264e1f2d4f84bed7a56e0e9ec387_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621094/; classtype:trojan-activity;sid:84484194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621088)"; flow:established,from_client; content:"GET"; http_method; content:"/d1c34a117f5f426da4ac9c99eec21290_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621088/; classtype:trojan-activity;sid:84484188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621089)"; flow:established,from_client; content:"GET"; http_method; content:"/86f2ca2ac77447e1a094fdf51621df67_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621089/; classtype:trojan-activity;sid:84484189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621090)"; flow:established,from_client; content:"GET"; http_method; content:"/4ead55439524478dbc567d4fd632b7bf_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621090/; classtype:trojan-activity;sid:84484190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621091)"; flow:established,from_client; content:"GET"; http_method; content:"/da8685d4625b48e1814b364c29fce868_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621091/; classtype:trojan-activity;sid:84484191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621092)"; flow:established,from_client; content:"GET"; http_method; content:"/c727ed8d2c2046f9ae633dd13ff63463_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621092/; classtype:trojan-activity;sid:84484192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621093)"; flow:established,from_client; content:"GET"; http_method; content:"/a6dda6aea44b41f3bc566a9891cea096_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621093/; classtype:trojan-activity;sid:84484193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621087)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/numaneo.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621087/; classtype:trojan-activity;sid:84484187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621086)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621086/; classtype:trojan-activity;sid:84484186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.194.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621085/; classtype:trojan-activity;sid:84484185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.113.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621084/; classtype:trojan-activity;sid:84484184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.103.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621083/; classtype:trojan-activity;sid:84484183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.36.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621082/; classtype:trojan-activity;sid:84484182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621081)"; flow:established,from_client; content:"GET"; http_method; content:"/pxlb61og9d.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621081/; classtype:trojan-activity;sid:84484181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621080/; classtype:trojan-activity;sid:84484180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.103.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621079/; classtype:trojan-activity;sid:84484179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621078)"; flow:established,from_client; content:"GET"; http_method; content:"/uda.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621078/; classtype:trojan-activity;sid:84484178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621077)"; flow:established,from_client; content:"GET"; http_method; content:"/tusecumscript.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621077/; classtype:trojan-activity;sid:84484177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621076)"; flow:established,from_client; content:"GET"; http_method; content:"/mkd.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621076/; classtype:trojan-activity;sid:84484176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.214.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621075/; classtype:trojan-activity;sid:84484175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/lol.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621074/; classtype:trojan-activity;sid:84484174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/lol.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621073/; classtype:trojan-activity;sid:84484173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621072)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/529d1f2d-3f7a-411d-9302-ef60d320e36c/d%20%24wc%20%3d%20new-objec.ps1"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"store-na-phx-1.gofile.io"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621072/; classtype:trojan-activity;sid:84484172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621069)"; flow:established,from_client; content:"GET"; http_method; content:"/m/o.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621069/; classtype:trojan-activity;sid:84484169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/lol.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621070/; classtype:trojan-activity;sid:84484170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621071)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"universitariaglobal.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621071/; classtype:trojan-activity;sid:84484171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/lol.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621068/; classtype:trojan-activity;sid:84484168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/lol.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621065/; classtype:trojan-activity;sid:84484165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621066)"; flow:established,from_client; content:"GET"; http_method; content:"/m/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621066/; classtype:trojan-activity;sid:84484166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/f96ddccee62b5ae86e381ed0f1b2d512.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621067/; classtype:trojan-activity;sid:84484167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621062)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8473904794/xekp89u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621062/; classtype:trojan-activity;sid:84484162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621063)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/tw4gpoc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621063/; classtype:trojan-activity;sid:84484163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621064)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7872486492/4wnruzr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621064/; classtype:trojan-activity;sid:84484164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.201.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621061/; classtype:trojan-activity;sid:84484161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.120.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621060/; classtype:trojan-activity;sid:84484160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.170.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621059/; classtype:trojan-activity;sid:84484159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621058/; classtype:trojan-activity;sid:84484158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621057/; classtype:trojan-activity;sid:84484157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.214.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621056/; classtype:trojan-activity;sid:84484156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.235.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621055/; classtype:trojan-activity;sid:84484155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.132.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621054/; classtype:trojan-activity;sid:84484154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621053)"; flow:established,from_client; content:"GET"; http_method; content:"/k9hirjvldf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621053/; classtype:trojan-activity;sid:84484153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.193.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621052/; classtype:trojan-activity;sid:84484152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.74.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621051/; classtype:trojan-activity;sid:84484151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.38.94.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621050/; classtype:trojan-activity;sid:84484150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.226.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621049/; classtype:trojan-activity;sid:84484149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.193.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621048/; classtype:trojan-activity;sid:84484148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.87.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621047/; classtype:trojan-activity;sid:84484147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.235.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621046/; classtype:trojan-activity;sid:84484146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.229.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621044/; classtype:trojan-activity;sid:84484144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.74.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621045/; classtype:trojan-activity;sid:84484145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621043/; classtype:trojan-activity;sid:84484143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621042/; classtype:trojan-activity;sid:84484142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.70.226.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621041/; classtype:trojan-activity;sid:84484141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.129.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621040/; classtype:trojan-activity;sid:84484140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621039/; classtype:trojan-activity;sid:84484139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.37.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621038/; classtype:trojan-activity;sid:84484138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621037)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/h3lbqqq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621037/; classtype:trojan-activity;sid:84484137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.229.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621036/; classtype:trojan-activity;sid:84484136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621035/; classtype:trojan-activity;sid:84484135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621034)"; flow:established,from_client; content:"GET"; http_method; content:"/mpdbi65nw8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621034/; classtype:trojan-activity;sid:84484134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.25.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621033/; classtype:trojan-activity;sid:84484133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.159.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621031/; classtype:trojan-activity;sid:84484131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621032/; classtype:trojan-activity;sid:84484132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.248.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621030/; classtype:trojan-activity;sid:84484130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.143.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621029/; classtype:trojan-activity;sid:84484129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621028/; classtype:trojan-activity;sid:84484128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.78.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621027/; classtype:trojan-activity;sid:84484127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.117.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621026/; classtype:trojan-activity;sid:84484126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621025/; classtype:trojan-activity;sid:84484125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.194.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621024/; classtype:trojan-activity;sid:84484124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.23.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621023/; classtype:trojan-activity;sid:84484123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621022/; classtype:trojan-activity;sid:84484122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.132.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621018/; classtype:trojan-activity;sid:84484118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.32.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621019/; classtype:trojan-activity;sid:84484119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621020/; classtype:trojan-activity;sid:84484120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.66.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621021/; classtype:trojan-activity;sid:84484121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.221.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621017/; classtype:trojan-activity;sid:84484117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621016/; classtype:trojan-activity;sid:84484116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.37.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621014/; classtype:trojan-activity;sid:84484114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621015/; classtype:trojan-activity;sid:84484115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.211.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621013/; classtype:trojan-activity;sid:84484113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621012/; classtype:trojan-activity;sid:84484112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.78.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621011/; classtype:trojan-activity;sid:84484111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.183.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621010/; classtype:trojan-activity;sid:84484110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.103.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621009/; classtype:trojan-activity;sid:84484109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.25.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621007/; classtype:trojan-activity;sid:84484107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.117.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621008/; classtype:trojan-activity;sid:84484108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621006/; classtype:trojan-activity;sid:84484106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621005/; classtype:trojan-activity;sid:84484105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621004/; classtype:trojan-activity;sid:84484104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.220.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621003/; classtype:trojan-activity;sid:84484103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621002/; classtype:trojan-activity;sid:84484102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621001/; classtype:trojan-activity;sid:84484101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.220.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621000/; classtype:trojan-activity;sid:84484100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.15.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620999/; classtype:trojan-activity;sid:84484099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620998/; classtype:trojan-activity;sid:84484098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620997/; classtype:trojan-activity;sid:84484097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.232.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620996/; classtype:trojan-activity;sid:84484096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.79.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620995/; classtype:trojan-activity;sid:84484095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.234.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620994/; classtype:trojan-activity;sid:84484094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.8.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620993/; classtype:trojan-activity;sid:84484093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620992/; classtype:trojan-activity;sid:84484092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620991/; classtype:trojan-activity;sid:84484091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.88.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620990/; classtype:trojan-activity;sid:84484090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.167.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620989/; classtype:trojan-activity;sid:84484089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620988/; classtype:trojan-activity;sid:84484088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.3.87.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620987/; classtype:trojan-activity;sid:84484087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620986/; classtype:trojan-activity;sid:84484086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.216.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620985/; classtype:trojan-activity;sid:84484085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620984/; classtype:trojan-activity;sid:84484084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.159.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620983/; classtype:trojan-activity;sid:84484083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620982/; classtype:trojan-activity;sid:84484082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.166.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620981/; classtype:trojan-activity;sid:84484081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620979/; classtype:trojan-activity;sid:84484079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.211.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620980/; classtype:trojan-activity;sid:84484080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.31.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620978/; classtype:trojan-activity;sid:84484078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.211.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620977/; classtype:trojan-activity;sid:84484077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620976/; classtype:trojan-activity;sid:84484076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620975)"; flow:established,from_client; content:"GET"; http_method; content:"/i6685d78xk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620975/; classtype:trojan-activity;sid:84484075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.31.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620974/; classtype:trojan-activity;sid:84484074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.103.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620973/; classtype:trojan-activity;sid:84484073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620972/; classtype:trojan-activity;sid:84484072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.179.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620971/; classtype:trojan-activity;sid:84484071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.68.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620970/; classtype:trojan-activity;sid:84484070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620969)"; flow:established,from_client; content:"GET"; http_method; content:"/2nxt0zl51z.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.pemi9cai6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620969/; classtype:trojan-activity;sid:84484069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.41.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620968/; classtype:trojan-activity;sid:84484068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620964)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620964/; classtype:trojan-activity;sid:84484064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620965)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620965/; classtype:trojan-activity;sid:84484065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620966)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620966/; classtype:trojan-activity;sid:84484066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620967)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620967/; classtype:trojan-activity;sid:84484067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620962)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620962/; classtype:trojan-activity;sid:84484062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620963)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620963/; classtype:trojan-activity;sid:84484063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620955)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620955/; classtype:trojan-activity;sid:84484055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620956)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620956/; classtype:trojan-activity;sid:84484056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620957)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620957/; classtype:trojan-activity;sid:84484057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620958)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620958/; classtype:trojan-activity;sid:84484058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620959)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620959/; classtype:trojan-activity;sid:84484059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620960)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.40.118.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620960/; classtype:trojan-activity;sid:84484060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.179.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620961/; classtype:trojan-activity;sid:84484061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.103.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620954/; classtype:trojan-activity;sid:84484054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.68.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620953/; classtype:trojan-activity;sid:84484053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620952)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.236.16.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620952/; classtype:trojan-activity;sid:84484052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.127.227.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620951/; classtype:trojan-activity;sid:84484051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.41.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620950/; classtype:trojan-activity;sid:84484050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620949/; classtype:trojan-activity;sid:84484049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620948)"; flow:established,from_client; content:"GET"; http_method; content:"/ek7ck0q5qg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gla.niwunae.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620948/; classtype:trojan-activity;sid:84484048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620947/; classtype:trojan-activity;sid:84484047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.128.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620946/; classtype:trojan-activity;sid:84484046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620945)"; flow:established,from_client; content:"GET"; http_method; content:"/nkg8cnndvn.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gla.niwunae.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620945/; classtype:trojan-activity;sid:84484045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.229.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620944/; classtype:trojan-activity;sid:84484044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.128.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620943/; classtype:trojan-activity;sid:84484043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.24.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620942/; classtype:trojan-activity;sid:84484042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.65.34.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620941/; classtype:trojan-activity;sid:84484041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.154.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620940/; classtype:trojan-activity;sid:84484040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620939/; classtype:trojan-activity;sid:84484039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620938)"; flow:established,from_client; content:"GET"; http_method; content:"/5s020omlpx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gla.niwunae.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620938/; classtype:trojan-activity;sid:84484038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.132.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620937/; classtype:trojan-activity;sid:84484037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.4.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620936/; classtype:trojan-activity;sid:84484036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620935/; classtype:trojan-activity;sid:84484035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.17.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620926/; classtype:trojan-activity;sid:84484026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620927/; classtype:trojan-activity;sid:84484027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620928)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.229.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620928/; classtype:trojan-activity;sid:84484028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620929)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.229.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620929/; classtype:trojan-activity;sid:84484029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620930)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.229.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620930/; classtype:trojan-activity;sid:84484030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620931)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.229.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620931/; classtype:trojan-activity;sid:84484031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.129.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620932/; classtype:trojan-activity;sid:84484032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.235.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620933/; classtype:trojan-activity;sid:84484033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.21.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620934/; classtype:trojan-activity;sid:84484034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620924)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ffclive.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620924/; classtype:trojan-activity;sid:84484024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620925)"; flow:established,from_client; content:"GET"; http_method; content:"/42d2.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ffclive.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620925/; classtype:trojan-activity;sid:84484025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.132.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620923/; classtype:trojan-activity;sid:84484023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.4.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620922/; classtype:trojan-activity;sid:84484022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620921/; classtype:trojan-activity;sid:84484021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.136.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620920/; classtype:trojan-activity;sid:84484020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.21.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620919/; classtype:trojan-activity;sid:84484019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620918)"; flow:established,from_client; content:"GET"; http_method; content:"/rbjpqjtwkx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.niwunae.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620918/; classtype:trojan-activity;sid:84484018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.171.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620917/; classtype:trojan-activity;sid:84484017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620916/; classtype:trojan-activity;sid:84484016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.136.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620915/; classtype:trojan-activity;sid:84484015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620914/; classtype:trojan-activity;sid:84484014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620913/; classtype:trojan-activity;sid:84484013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.157.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620912/; classtype:trojan-activity;sid:84484012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.171.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620911/; classtype:trojan-activity;sid:84484011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620910/; classtype:trojan-activity;sid:84484010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620909)"; flow:established,from_client; content:"GET"; http_method; content:"/ilqeoibo0w.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.niwunae.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620909/; classtype:trojan-activity;sid:84484009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620908/; classtype:trojan-activity;sid:84484008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.8.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620907/; classtype:trojan-activity;sid:84484007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620906/; classtype:trojan-activity;sid:84484006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620905/; classtype:trojan-activity;sid:84484005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620904/; classtype:trojan-activity;sid:84484004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620903)"; flow:established,from_client; content:"GET"; http_method; content:"/sz8jnjh5fc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kro.sehamyu.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620903/; classtype:trojan-activity;sid:84484003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620902/; classtype:trojan-activity;sid:84484002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620901/; classtype:trojan-activity;sid:84484001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620900/; classtype:trojan-activity;sid:84484000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.63.249.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620899/; classtype:trojan-activity;sid:84483999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.151.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620898/; classtype:trojan-activity;sid:84483998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.181.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620897/; classtype:trojan-activity;sid:84483997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620896/; classtype:trojan-activity;sid:84483996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620895)"; flow:established,from_client; content:"GET"; http_method; content:"/abscz687bv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kro.sehamyu.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620895/; classtype:trojan-activity;sid:84483995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.226.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620894/; classtype:trojan-activity;sid:84483994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620893/; classtype:trojan-activity;sid:84483993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620892)"; flow:established,from_client; content:"GET"; http_method; content:"/namc2931-group/namc2931-project/-/raw/main/t3-9625.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620892/; classtype:trojan-activity;sid:84483992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620891)"; flow:established,from_client; content:"GET"; http_method; content:"/2441ad99bc98451e8e1716371896e27b_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620891/; classtype:trojan-activity;sid:84483991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/w4ejzzx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620890/; classtype:trojan-activity;sid:84483990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620889)"; flow:established,from_client; content:"GET"; http_method; content:"/926ab7d10da645f08b9d109b5bab77c8_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620889/; classtype:trojan-activity;sid:84483989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620888)"; flow:established,from_client; content:"GET"; http_method; content:"/ud3-ux/9625-3t/raw/main/u-p.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620888/; classtype:trojan-activity;sid:84483988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620885)"; flow:established,from_client; content:"GET"; http_method; content:"/051e910c9d3249d5847b19d367bf91a8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620885/; classtype:trojan-activity;sid:84483985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620886)"; flow:established,from_client; content:"GET"; http_method; content:"/08b29d7bd3d9474e81573525d5dd1822_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"91.108.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620886/; classtype:trojan-activity;sid:84483986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620887)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7909777397/ztzvq1g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620887/; classtype:trojan-activity;sid:84483987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620883)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7909777397/ztzvq1g.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620883/; classtype:trojan-activity;sid:84483983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620884)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/w4ejzzx.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620884/; classtype:trojan-activity;sid:84483984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.63.249.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620882/; classtype:trojan-activity;sid:84483982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.181.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620881/; classtype:trojan-activity;sid:84483981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.79.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620880/; classtype:trojan-activity;sid:84483980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620879)"; flow:established,from_client; content:"GET"; http_method; content:"/99.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-6f7fb0d0ae0f40fbad68520fce393d92.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620879/; classtype:trojan-activity;sid:84483979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620878/; classtype:trojan-activity;sid:84483978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620877)"; flow:established,from_client; content:"GET"; http_method; content:"/6zkh51dk12.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"va.sehamyu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620877/; classtype:trojan-activity;sid:84483977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.26.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620876/; classtype:trojan-activity;sid:84483976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.26.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620875/; classtype:trojan-activity;sid:84483975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.93.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620874/; classtype:trojan-activity;sid:84483974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620873/; classtype:trojan-activity;sid:84483973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.226.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620872/; classtype:trojan-activity;sid:84483972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.93.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620871/; classtype:trojan-activity;sid:84483971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620870/; classtype:trojan-activity;sid:84483970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.220.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620869/; classtype:trojan-activity;sid:84483969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620868/; classtype:trojan-activity;sid:84483968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.191.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620867/; classtype:trojan-activity;sid:84483967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.61.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620866/; classtype:trojan-activity;sid:84483966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.161.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620865/; classtype:trojan-activity;sid:84483965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.194.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620864/; classtype:trojan-activity;sid:84483964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620863)"; flow:established,from_client; content:"GET"; http_method; content:"/u11r9355ga.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"va.sehamyu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620863/; classtype:trojan-activity;sid:84483963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.36.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620862/; classtype:trojan-activity;sid:84483962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620861/; classtype:trojan-activity;sid:84483961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.1.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620860/; classtype:trojan-activity;sid:84483960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620859)"; flow:established,from_client; content:"GET"; http_method; content:"/ovx70yer0c.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"va.sehamyu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620859/; classtype:trojan-activity;sid:84483959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.61.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620858/; classtype:trojan-activity;sid:84483958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620857/; classtype:trojan-activity;sid:84483957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.36.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620856/; classtype:trojan-activity;sid:84483956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620855)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620855/; classtype:trojan-activity;sid:84483955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620853)"; flow:established,from_client; content:"GET"; http_method; content:"/6.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620853/; classtype:trojan-activity;sid:84483953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620854)"; flow:established,from_client; content:"GET"; http_method; content:"/2.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620854/; classtype:trojan-activity;sid:84483954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620850)"; flow:established,from_client; content:"GET"; http_method; content:"/hexnew"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620850/; classtype:trojan-activity;sid:84483950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620851)"; flow:established,from_client; content:"GET"; http_method; content:"/3.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620851/; classtype:trojan-activity;sid:84483951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620852)"; flow:established,from_client; content:"GET"; http_method; content:"/7.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620852/; classtype:trojan-activity;sid:84483952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620848)"; flow:established,from_client; content:"GET"; http_method; content:"/8.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620848/; classtype:trojan-activity;sid:84483948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620849)"; flow:established,from_client; content:"GET"; http_method; content:"/4.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620849/; classtype:trojan-activity;sid:84483949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620841)"; flow:established,from_client; content:"GET"; http_method; content:"/10.bak"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620841/; classtype:trojan-activity;sid:84483941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620842)"; flow:established,from_client; content:"GET"; http_method; content:"/241017.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620842/; classtype:trojan-activity;sid:84483942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620843)"; flow:established,from_client; content:"GET"; http_method; content:"/hex9833"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620843/; classtype:trojan-activity;sid:84483943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620844)"; flow:established,from_client; content:"GET"; http_method; content:"/artifact.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620844/; classtype:trojan-activity;sid:84483944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620845)"; flow:established,from_client; content:"GET"; http_method; content:"/5.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620845/; classtype:trojan-activity;sid:84483945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620846)"; flow:established,from_client; content:"GET"; http_method; content:"/9.bak"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620846/; classtype:trojan-activity;sid:84483946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620847)"; flow:established,from_client; content:"GET"; http_method; content:"/9833.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.3.229.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620847/; classtype:trojan-activity;sid:84483947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.249.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620840/; classtype:trojan-activity;sid:84483940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620839)"; flow:established,from_client; content:"GET"; http_method; content:"/3e01cwgbb6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sne.dovagua.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620839/; classtype:trojan-activity;sid:84483939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.249.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620838/; classtype:trojan-activity;sid:84483938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620837/; classtype:trojan-activity;sid:84483937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620836)"; flow:established,from_client; content:"GET"; http_method; content:"/v/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620836/; classtype:trojan-activity;sid:84483936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620835)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.133.102.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620835/; classtype:trojan-activity;sid:84483935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.172.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620834/; classtype:trojan-activity;sid:84483934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620833)"; flow:established,from_client; content:"GET"; http_method; content:"/etpogprcoi.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620833/; classtype:trojan-activity;sid:84483933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.172.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620832/; classtype:trojan-activity;sid:84483932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620831/; classtype:trojan-activity;sid:84483931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620830)"; flow:established,from_client; content:"GET"; http_method; content:"/5knks5s74s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620830/; classtype:trojan-activity;sid:84483930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620829)"; flow:established,from_client; content:"GET"; http_method; content:"/u2dembibpf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620829/; classtype:trojan-activity;sid:84483929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620828)"; flow:established,from_client; content:"GET"; http_method; content:"/97xxi133ix.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zod.fypufea.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620828/; classtype:trojan-activity;sid:84483928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620827)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5254702106/lanu0l7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620827/; classtype:trojan-activity;sid:84483927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620826)"; flow:established,from_client; content:"GET"; http_method; content:"/rule/check|3f|ckey=aus2ybp4pywkfpjhy/fwzgrxddnv+tjespvhruzlviyc4xtn6v7fguvrznzmgnfxdbymsbobcsy3ltle+svq/sqlvjmkb5m2szbmbk5oxnu33ovfmzsdicstkx5mf2nrwhtwjv5rwkezgbjzagc7ee9ocp0xva4rmvggfgimliq=|7c|26|7c|data=dua7n7qfqlbxsauvr8wl/tn4xqekqmnwkv/i"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"ykapi.luyou.360.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620826/; classtype:trojan-activity;sid:84483926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.33.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620825/; classtype:trojan-activity;sid:84483925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620822/; classtype:trojan-activity;sid:84483922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.246.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620823/; classtype:trojan-activity;sid:84483923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620824/; classtype:trojan-activity;sid:84483924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.199.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620819/; classtype:trojan-activity;sid:84483919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620820/; classtype:trojan-activity;sid:84483920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620821/; classtype:trojan-activity;sid:84483921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.240.165.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620818/; classtype:trojan-activity;sid:84483918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620817/; classtype:trojan-activity;sid:84483917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620816/; classtype:trojan-activity;sid:84483916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620815/; classtype:trojan-activity;sid:84483915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620814/; classtype:trojan-activity;sid:84483914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620813)"; flow:established,from_client; content:"GET"; http_method; content:"/1czs73s7ie.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620813/; classtype:trojan-activity;sid:84483913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.214.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620812/; classtype:trojan-activity;sid:84483912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620811/; classtype:trojan-activity;sid:84483911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620810)"; flow:established,from_client; content:"GET"; http_method; content:"/tis4nmz5ya.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620810/; classtype:trojan-activity;sid:84483910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.174.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620809/; classtype:trojan-activity;sid:84483909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620808)"; flow:established,from_client; content:"GET"; http_method; content:"/of2g1z6d3d.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620808/; classtype:trojan-activity;sid:84483908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.239.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620807/; classtype:trojan-activity;sid:84483907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.26.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620806/; classtype:trojan-activity;sid:84483906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.174.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620805/; classtype:trojan-activity;sid:84483905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.215.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620804/; classtype:trojan-activity;sid:84483904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.143.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620803/; classtype:trojan-activity;sid:84483903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.255.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620802/; classtype:trojan-activity;sid:84483902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.215.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620801/; classtype:trojan-activity;sid:84483901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620800)"; flow:established,from_client; content:"GET"; http_method; content:"/nx6tvmzb9m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620800/; classtype:trojan-activity;sid:84483900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.143.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620799/; classtype:trojan-activity;sid:84483899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.193.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620798/; classtype:trojan-activity;sid:84483898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.212.216.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620797/; classtype:trojan-activity;sid:84483897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620795/; classtype:trojan-activity;sid:84483895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.2.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620796/; classtype:trojan-activity;sid:84483896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620794)"; flow:established,from_client; content:"GET"; http_method; content:"/8lxz5ipzgq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620794/; classtype:trojan-activity;sid:84483894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.193.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620793/; classtype:trojan-activity;sid:84483893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.189.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620792/; classtype:trojan-activity;sid:84483892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620791/; classtype:trojan-activity;sid:84483891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620790)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620790/; classtype:trojan-activity;sid:84483890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.100.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620789/; classtype:trojan-activity;sid:84483889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620788/; classtype:trojan-activity;sid:84483888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620787)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620787/; classtype:trojan-activity;sid:84483887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.2.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620786/; classtype:trojan-activity;sid:84483886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.214.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620784/; classtype:trojan-activity;sid:84483884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.59.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620785/; classtype:trojan-activity;sid:84483885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620783)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620783/; classtype:trojan-activity;sid:84483883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620782)"; flow:established,from_client; content:"GET"; http_method; content:"/xa9ts39yc2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620782/; classtype:trojan-activity;sid:84483882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.189.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620781/; classtype:trojan-activity;sid:84483881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.212.216.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620780/; classtype:trojan-activity;sid:84483880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620779/; classtype:trojan-activity;sid:84483879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620778)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8378987420/ibyh8zh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620778/; classtype:trojan-activity;sid:84483878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620777)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8052963817/cbh7j28.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620777/; classtype:trojan-activity;sid:84483877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620776)"; flow:established,from_client; content:"GET"; http_method; content:"/files/341290069/yok7kgg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620776/; classtype:trojan-activity;sid:84483876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620773)"; flow:established,from_client; content:"GET"; http_method; content:"/files/341290069/llhqto4.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620773/; classtype:trojan-activity;sid:84483873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620774)"; flow:established,from_client; content:"GET"; http_method; content:"/test/exe/random2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620774/; classtype:trojan-activity;sid:84483874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620775)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/index.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620775/; classtype:trojan-activity;sid:84483875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620772)"; flow:established,from_client; content:"GET"; http_method; content:"/oqc1f3o7ra.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620772/; classtype:trojan-activity;sid:84483872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620771/; classtype:trojan-activity;sid:84483871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.121.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620770/; classtype:trojan-activity;sid:84483870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620769/; classtype:trojan-activity;sid:84483869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620768/; classtype:trojan-activity;sid:84483868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620767/; classtype:trojan-activity;sid:84483867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620766)"; flow:established,from_client; content:"GET"; http_method; content:"/w3b9cpmexm.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620766/; classtype:trojan-activity;sid:84483866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.26.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620765/; classtype:trojan-activity;sid:84483865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.21.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620764/; classtype:trojan-activity;sid:84483864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.191.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620763/; classtype:trojan-activity;sid:84483863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620762/; classtype:trojan-activity;sid:84483862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620761/; classtype:trojan-activity;sid:84483861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620760/; classtype:trojan-activity;sid:84483860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.193.24.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620759/; classtype:trojan-activity;sid:84483859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.101.61.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620757/; classtype:trojan-activity;sid:84483857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.26.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620758/; classtype:trojan-activity;sid:84483858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.21.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620756/; classtype:trojan-activity;sid:84483856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.42.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620755/; classtype:trojan-activity;sid:84483855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620754)"; flow:established,from_client; content:"GET"; http_method; content:"/asus.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620754/; classtype:trojan-activity;sid:84483854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620752)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620752/; classtype:trojan-activity;sid:84483852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620753)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620753/; classtype:trojan-activity;sid:84483853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620751)"; flow:established,from_client; content:"GET"; http_method; content:"/a/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620751/; classtype:trojan-activity;sid:84483851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620741)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620741/; classtype:trojan-activity;sid:84483841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620742)"; flow:established,from_client; content:"GET"; http_method; content:"/avtech.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620742/; classtype:trojan-activity;sid:84483842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620743)"; flow:established,from_client; content:"GET"; http_method; content:"/faith"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620743/; classtype:trojan-activity;sid:84483843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620744)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620744/; classtype:trojan-activity;sid:84483844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620745)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620745/; classtype:trojan-activity;sid:84483845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620746)"; flow:established,from_client; content:"GET"; http_method; content:"/a/powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620746/; classtype:trojan-activity;sid:84483846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620747)"; flow:established,from_client; content:"GET"; http_method; content:"/a/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620747/; classtype:trojan-activity;sid:84483847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620748)"; flow:established,from_client; content:"GET"; http_method; content:"/cam"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620748/; classtype:trojan-activity;sid:84483848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620749)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620749/; classtype:trojan-activity;sid:84483849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620750)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620750/; classtype:trojan-activity;sid:84483850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.95.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620740/; classtype:trojan-activity;sid:84483840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.198.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620739/; classtype:trojan-activity;sid:84483839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.95.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620738/; classtype:trojan-activity;sid:84483838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.59.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620737/; classtype:trojan-activity;sid:84483837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620736)"; flow:established,from_client; content:"GET"; http_method; content:"/uqfkps6i7b.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620736/; classtype:trojan-activity;sid:84483836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620735/; classtype:trojan-activity;sid:84483835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620734/; classtype:trojan-activity;sid:84483834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620733)"; flow:established,from_client; content:"GET"; http_method; content:"/v/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620733/; classtype:trojan-activity;sid:84483833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620732/; classtype:trojan-activity;sid:84483832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620729/; classtype:trojan-activity;sid:84483829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.227.65.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620730/; classtype:trojan-activity;sid:84483830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.166.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620731/; classtype:trojan-activity;sid:84483831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.115.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620728/; classtype:trojan-activity;sid:84483828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620726)"; flow:established,from_client; content:"GET"; http_method; content:"/v/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620726/; classtype:trojan-activity;sid:84483826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620727/; classtype:trojan-activity;sid:84483827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.95.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620724/; classtype:trojan-activity;sid:84483824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620725/; classtype:trojan-activity;sid:84483825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620720/; classtype:trojan-activity;sid:84483820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.221.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620721/; classtype:trojan-activity;sid:84483821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.249.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620722/; classtype:trojan-activity;sid:84483822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.23.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620723/; classtype:trojan-activity;sid:84483823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620719/; classtype:trojan-activity;sid:84483819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620718/; classtype:trojan-activity;sid:84483818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.240.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620717/; classtype:trojan-activity;sid:84483817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620716)"; flow:established,from_client; content:"GET"; http_method; content:"/aucmh17dsg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620716/; classtype:trojan-activity;sid:84483816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620714/; classtype:trojan-activity;sid:84483814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.193.24.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620715/; classtype:trojan-activity;sid:84483815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.59.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620713/; classtype:trojan-activity;sid:84483813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620712/; classtype:trojan-activity;sid:84483812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620711)"; flow:established,from_client; content:"GET"; http_method; content:"/eg2t77f6o3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620711/; classtype:trojan-activity;sid:84483811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620704/; classtype:trojan-activity;sid:84483804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620705/; classtype:trojan-activity;sid:84483805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620706/; classtype:trojan-activity;sid:84483806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620707/; classtype:trojan-activity;sid:84483807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620708/; classtype:trojan-activity;sid:84483808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620709/; classtype:trojan-activity;sid:84483809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620710/; classtype:trojan-activity;sid:84483810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620703/; classtype:trojan-activity;sid:84483803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.80.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620702/; classtype:trojan-activity;sid:84483802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.168.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620701/; classtype:trojan-activity;sid:84483801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620700/; classtype:trojan-activity;sid:84483800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.30.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620698/; classtype:trojan-activity;sid:84483798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.241.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620699/; classtype:trojan-activity;sid:84483799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620697/; classtype:trojan-activity;sid:84483797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620696/; classtype:trojan-activity;sid:84483796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620695/; classtype:trojan-activity;sid:84483795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620694)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.49.9.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620694/; classtype:trojan-activity;sid:84483794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620692)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.sfx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.49.9.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620692/; classtype:trojan-activity;sid:84483792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620693)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620693/; classtype:trojan-activity;sid:84483793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620690)"; flow:established,from_client; content:"GET"; http_method; content:"/svthost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620690/; classtype:trojan-activity;sid:84483790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620691)"; flow:established,from_client; content:"GET"; http_method; content:"/destroydefender.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.49.9.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620691/; classtype:trojan-activity;sid:84483791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620689)"; flow:established,from_client; content:"GET"; http_method; content:"/destroydefender.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.49.9.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620689/; classtype:trojan-activity;sid:84483789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620686)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.49.9.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620686/; classtype:trojan-activity;sid:84483786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620687)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.49.9.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620687/; classtype:trojan-activity;sid:84483787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620688)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.sfx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.49.9.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620688/; classtype:trojan-activity;sid:84483788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620685)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620685/; classtype:trojan-activity;sid:84483785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620682)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620682/; classtype:trojan-activity;sid:84483782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620683)"; flow:established,from_client; content:"GET"; http_method; content:"/svthost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620683/; classtype:trojan-activity;sid:84483783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620684)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostfw.sfx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.49.9.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620684/; classtype:trojan-activity;sid:84483784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620680)"; flow:established,from_client; content:"GET"; http_method; content:"/destroydefender.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.49.9.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620680/; classtype:trojan-activity;sid:84483780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620681)"; flow:established,from_client; content:"GET"; http_method; content:"/svthost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.49.9.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620681/; classtype:trojan-activity;sid:84483781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.30.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620679/; classtype:trojan-activity;sid:84483779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620678)"; flow:established,from_client; content:"GET"; http_method; content:"/2dw5qw6pbf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620678/; classtype:trojan-activity;sid:84483778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.169.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620677/; classtype:trojan-activity;sid:84483777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.214.101.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620676/; classtype:trojan-activity;sid:84483776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620675/; classtype:trojan-activity;sid:84483775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.169.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620674/; classtype:trojan-activity;sid:84483774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620673/; classtype:trojan-activity;sid:84483773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620672)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/9416d5a2c099f47d61db2a95ca5f2e03.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620672/; classtype:trojan-activity;sid:84483772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620670)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620670/; classtype:trojan-activity;sid:84483770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620671)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620671/; classtype:trojan-activity;sid:84483771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620669)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620669/; classtype:trojan-activity;sid:84483769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620666)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620666/; classtype:trojan-activity;sid:84483766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620667)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620667/; classtype:trojan-activity;sid:84483767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620668)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620668/; classtype:trojan-activity;sid:84483768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620662)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620662/; classtype:trojan-activity;sid:84483762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620663)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620663/; classtype:trojan-activity;sid:84483763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620664)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620664/; classtype:trojan-activity;sid:84483764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620665)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620665/; classtype:trojan-activity;sid:84483765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620657)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620657/; classtype:trojan-activity;sid:84483757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620658)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620658/; classtype:trojan-activity;sid:84483758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620659)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620659/; classtype:trojan-activity;sid:84483759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620660)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620660/; classtype:trojan-activity;sid:84483760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620661)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620661/; classtype:trojan-activity;sid:84483761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620655)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620655/; classtype:trojan-activity;sid:84483755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620656)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620656/; classtype:trojan-activity;sid:84483756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620654/; classtype:trojan-activity;sid:84483754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620651)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620651/; classtype:trojan-activity;sid:84483751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620652)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620652/; classtype:trojan-activity;sid:84483752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620653)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620653/; classtype:trojan-activity;sid:84483753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620638)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620638/; classtype:trojan-activity;sid:84483738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620639)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620639/; classtype:trojan-activity;sid:84483739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620640)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620640/; classtype:trojan-activity;sid:84483740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620641)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620641/; classtype:trojan-activity;sid:84483741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620642)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620642/; classtype:trojan-activity;sid:84483742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620643/; classtype:trojan-activity;sid:84483743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620644)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620644/; classtype:trojan-activity;sid:84483744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620645)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620645/; classtype:trojan-activity;sid:84483745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620646)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620646/; classtype:trojan-activity;sid:84483746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620647)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620647/; classtype:trojan-activity;sid:84483747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620648)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620648/; classtype:trojan-activity;sid:84483748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620649)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620649/; classtype:trojan-activity;sid:84483749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620650)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620650/; classtype:trojan-activity;sid:84483750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620637)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620637/; classtype:trojan-activity;sid:84483737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620636/; classtype:trojan-activity;sid:84483736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.214.101.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620635/; classtype:trojan-activity;sid:84483735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620630)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620630/; classtype:trojan-activity;sid:84483730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620631)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620631/; classtype:trojan-activity;sid:84483731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620632)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620632/; classtype:trojan-activity;sid:84483732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620633)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620633/; classtype:trojan-activity;sid:84483733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620634)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620634/; classtype:trojan-activity;sid:84483734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620623)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620623/; classtype:trojan-activity;sid:84483723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620624)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620624/; classtype:trojan-activity;sid:84483724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620625)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620625/; classtype:trojan-activity;sid:84483725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620626)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620626/; classtype:trojan-activity;sid:84483726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620627)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620627/; classtype:trojan-activity;sid:84483727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620628)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620628/; classtype:trojan-activity;sid:84483728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620629)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.38.138.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620629/; classtype:trojan-activity;sid:84483729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.212.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620622/; classtype:trojan-activity;sid:84483722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.10.10.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620621/; classtype:trojan-activity;sid:84483721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620620/; classtype:trojan-activity;sid:84483720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620619)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620619/; classtype:trojan-activity;sid:84483719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620618)"; flow:established,from_client; content:"GET"; http_method; content:"/ncs4dllx3j.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620618/; classtype:trojan-activity;sid:84483718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620611)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620611/; classtype:trojan-activity;sid:84483711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620612)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620612/; classtype:trojan-activity;sid:84483712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620613)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620613/; classtype:trojan-activity;sid:84483713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620614)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv5l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620614/; classtype:trojan-activity;sid:84483714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620615)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620615/; classtype:trojan-activity;sid:84483715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620616)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620616/; classtype:trojan-activity;sid:84483716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620617)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv7l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620617/; classtype:trojan-activity;sid:84483717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620609)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620609/; classtype:trojan-activity;sid:84483709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620610)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv4l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620610/; classtype:trojan-activity;sid:84483710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620607)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620607/; classtype:trojan-activity;sid:84483707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620608)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620608/; classtype:trojan-activity;sid:84483708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.143.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620606/; classtype:trojan-activity;sid:84483706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620595)"; flow:established,from_client; content:"GET"; http_method; content:"/release/x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620595/; classtype:trojan-activity;sid:84483695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620596)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620596/; classtype:trojan-activity;sid:84483696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620597)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620597/; classtype:trojan-activity;sid:84483697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620598)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620598/; classtype:trojan-activity;sid:84483698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620599)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620599/; classtype:trojan-activity;sid:84483699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620600)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620600/; classtype:trojan-activity;sid:84483700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620601)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620601/; classtype:trojan-activity;sid:84483701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620602)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620602/; classtype:trojan-activity;sid:84483702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620603)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620603/; classtype:trojan-activity;sid:84483703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620604)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620604/; classtype:trojan-activity;sid:84483704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620605)"; flow:established,from_client; content:"GET"; http_method; content:"/release/debug"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620605/; classtype:trojan-activity;sid:84483705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620594)"; flow:established,from_client; content:"GET"; http_method; content:"/ru/download/stealer.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"spurdoverse.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620594/; classtype:trojan-activity;sid:84483694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620592)"; flow:established,from_client; content:"GET"; http_method; content:"/q213fd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620592/; classtype:trojan-activity;sid:84483692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620593)"; flow:established,from_client; content:"GET"; http_method; content:"/x1234.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620593/; classtype:trojan-activity;sid:84483693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620591)"; flow:established,from_client; content:"GET"; http_method; content:"/m/rshell"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620591/; classtype:trojan-activity;sid:84483691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620589)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/lol.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620589/; classtype:trojan-activity;sid:84483689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620590)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620590/; classtype:trojan-activity;sid:84483690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620585)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5439649431/zs5defp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620585/; classtype:trojan-activity;sid:84483685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620586)"; flow:established,from_client; content:"GET"; http_method; content:"/m/moobs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620586/; classtype:trojan-activity;sid:84483686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620587)"; flow:established,from_client; content:"GET"; http_method; content:"/m/rshell.go"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620587/; classtype:trojan-activity;sid:84483687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620588)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620588/; classtype:trojan-activity;sid:84483688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620573)"; flow:established,from_client; content:"GET"; http_method; content:"/m/i.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620573/; classtype:trojan-activity;sid:84483673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620574)"; flow:established,from_client; content:"GET"; http_method; content:"/s244.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620574/; classtype:trojan-activity;sid:84483674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620575)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/lol.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620575/; classtype:trojan-activity;sid:84483675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620576)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620576/; classtype:trojan-activity;sid:84483676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620577)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620577/; classtype:trojan-activity;sid:84483677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620578)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620578/; classtype:trojan-activity;sid:84483678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620579)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620579/; classtype:trojan-activity;sid:84483679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620580)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/lol.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620580/; classtype:trojan-activity;sid:84483680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620581)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620581/; classtype:trojan-activity;sid:84483681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620582)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620582/; classtype:trojan-activity;sid:84483682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620583)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620583/; classtype:trojan-activity;sid:84483683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620584)"; flow:established,from_client; content:"GET"; http_method; content:"/m/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620584/; classtype:trojan-activity;sid:84483684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620572)"; flow:established,from_client; content:"GET"; http_method; content:"/m/m.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620572/; classtype:trojan-activity;sid:84483672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620569)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.aarch64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620569/; classtype:trojan-activity;sid:84483669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620570)"; flow:established,from_client; content:"GET"; http_method; content:"/m/f.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620570/; classtype:trojan-activity;sid:84483670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620571)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620571/; classtype:trojan-activity;sid:84483671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620559)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620559/; classtype:trojan-activity;sid:84483659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620560)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/lol.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620560/; classtype:trojan-activity;sid:84483660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620561)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620561/; classtype:trojan-activity;sid:84483661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620562)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620562/; classtype:trojan-activity;sid:84483662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620563)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/rep/skid.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620563/; classtype:trojan-activity;sid:84483663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620564)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620564/; classtype:trojan-activity;sid:84483664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620565)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620565/; classtype:trojan-activity;sid:84483665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620566)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/lol.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620566/; classtype:trojan-activity;sid:84483666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620567)"; flow:established,from_client; content:"GET"; http_method; content:"/m/nn/skid.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620567/; classtype:trojan-activity;sid:84483667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620568)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620568/; classtype:trojan-activity;sid:84483668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620558)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5968325780/lrajtqd.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620558/; classtype:trojan-activity;sid:84483658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620557)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6723359323/lmdfxrt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620557/; classtype:trojan-activity;sid:84483657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lastplayer/random.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620556/; classtype:trojan-activity;sid:84483656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620555)"; flow:established,from_client; content:"GET"; http_method; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/yer2kp0jebhsddvcs9cwnhbkugdxcem9kqxlwfadhgmkyw7fzq.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"178.16.53.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620555/; classtype:trojan-activity;sid:84483655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620553)"; flow:established,from_client; content:"GET"; http_method; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/mr5jffcvzvzar7ivtoqbfoizsmpezngqoxaypg38ox6k48cqpt.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"178.16.53.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620553/; classtype:trojan-activity;sid:84483653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620554)"; flow:established,from_client; content:"GET"; http_method; content:"/l843.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620554/; classtype:trojan-activity;sid:84483654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620552)"; flow:established,from_client; content:"GET"; http_method; content:"/n8388.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620552/; classtype:trojan-activity;sid:84483652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620551/; classtype:trojan-activity;sid:84483651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620550/; classtype:trojan-activity;sid:84483650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620549/; classtype:trojan-activity;sid:84483649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.212.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620547/; classtype:trojan-activity;sid:84483647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620548/; classtype:trojan-activity;sid:84483648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.235.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620546/; classtype:trojan-activity;sid:84483646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.48.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620545/; classtype:trojan-activity;sid:84483645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620544)"; flow:established,from_client; content:"GET"; http_method; content:"/giga"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620544/; classtype:trojan-activity;sid:84483644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620543)"; flow:established,from_client; content:"GET"; http_method; content:"/xp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620543/; classtype:trojan-activity;sid:84483643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620542)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620542/; classtype:trojan-activity;sid:84483642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620541)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620541/; classtype:trojan-activity;sid:84483641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620537)"; flow:established,from_client; content:"GET"; http_method; content:"/bl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620537/; classtype:trojan-activity;sid:84483637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620538)"; flow:established,from_client; content:"GET"; http_method; content:"/hy"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620538/; classtype:trojan-activity;sid:84483638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620539)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620539/; classtype:trojan-activity;sid:84483639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620540)"; flow:established,from_client; content:"GET"; http_method; content:"/bob"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620540/; classtype:trojan-activity;sid:84483640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620534)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620534/; classtype:trojan-activity;sid:84483634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620535)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620535/; classtype:trojan-activity;sid:84483635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620536)"; flow:established,from_client; content:"GET"; http_method; content:"/q.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620536/; classtype:trojan-activity;sid:84483636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620533)"; flow:established,from_client; content:"GET"; http_method; content:"/rev"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620533/; classtype:trojan-activity;sid:84483633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620532)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620532/; classtype:trojan-activity;sid:84483632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620530)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620530/; classtype:trojan-activity;sid:84483630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620531)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620531/; classtype:trojan-activity;sid:84483631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.143.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620529/; classtype:trojan-activity;sid:84483629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620528)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620528/; classtype:trojan-activity;sid:84483628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620527)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620527/; classtype:trojan-activity;sid:84483627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620523)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620523/; classtype:trojan-activity;sid:84483623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620524)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620524/; classtype:trojan-activity;sid:84483624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620525)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620525/; classtype:trojan-activity;sid:84483625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620526)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620526/; classtype:trojan-activity;sid:84483626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620518)"; flow:established,from_client; content:"GET"; http_method; content:"/ak"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620518/; classtype:trojan-activity;sid:84483618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620519)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620519/; classtype:trojan-activity;sid:84483619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620520)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620520/; classtype:trojan-activity;sid:84483620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620521)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620521/; classtype:trojan-activity;sid:84483621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620522)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620522/; classtype:trojan-activity;sid:84483622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620516)"; flow:established,from_client; content:"GET"; http_method; content:"/confident_string.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"180.131.145.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620516/; classtype:trojan-activity;sid:84483616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620517)"; flow:established,from_client; content:"GET"; http_method; content:"/weak_request.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"180.131.145.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620517/; classtype:trojan-activity;sid:84483617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620515)"; flow:established,from_client; content:"GET"; http_method; content:"/sch.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.131.145.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620515/; classtype:trojan-activity;sid:84483615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620514)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620514/; classtype:trojan-activity;sid:84483614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620513)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620513/; classtype:trojan-activity;sid:84483613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.38.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620512/; classtype:trojan-activity;sid:84483612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.212.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620511/; classtype:trojan-activity;sid:84483611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620510)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620510/; classtype:trojan-activity;sid:84483610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620507)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620507/; classtype:trojan-activity;sid:84483607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620508)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620508/; classtype:trojan-activity;sid:84483608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620509)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620509/; classtype:trojan-activity;sid:84483609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620506)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620506/; classtype:trojan-activity;sid:84483606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620504)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620504/; classtype:trojan-activity;sid:84483604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620505)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620505/; classtype:trojan-activity;sid:84483605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620501)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620501/; classtype:trojan-activity;sid:84483601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620502)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620502/; classtype:trojan-activity;sid:84483602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620503)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.25.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620503/; classtype:trojan-activity;sid:84483603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620500)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620500/; classtype:trojan-activity;sid:84483600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620499)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620499/; classtype:trojan-activity;sid:84483599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620491)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620491/; classtype:trojan-activity;sid:84483591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620492)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620492/; classtype:trojan-activity;sid:84483592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620493)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620493/; classtype:trojan-activity;sid:84483593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620494)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620494/; classtype:trojan-activity;sid:84483594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620495)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620495/; classtype:trojan-activity;sid:84483595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620496)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620496/; classtype:trojan-activity;sid:84483596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620497)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620497/; classtype:trojan-activity;sid:84483597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620498)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620498/; classtype:trojan-activity;sid:84483598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620489)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620489/; classtype:trojan-activity;sid:84483589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620490)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620490/; classtype:trojan-activity;sid:84483590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620488)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.sbx.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620488/; classtype:trojan-activity;sid:84483588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.187.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620487/; classtype:trojan-activity;sid:84483587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620486/; classtype:trojan-activity;sid:84483586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.31.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620485/; classtype:trojan-activity;sid:84483585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620484/; classtype:trojan-activity;sid:84483584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.211.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620483/; classtype:trojan-activity;sid:84483583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.221.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620482/; classtype:trojan-activity;sid:84483582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620481/; classtype:trojan-activity;sid:84483581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.31.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620479/; classtype:trojan-activity;sid:84483579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.180.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620480/; classtype:trojan-activity;sid:84483580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620478/; classtype:trojan-activity;sid:84483578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.49.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620477/; classtype:trojan-activity;sid:84483577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620476/; classtype:trojan-activity;sid:84483576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620475)"; flow:established,from_client; content:"GET"; http_method; content:"/d5f4ecnzwk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620475/; classtype:trojan-activity;sid:84483575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620474/; classtype:trojan-activity;sid:84483574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.108.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620473/; classtype:trojan-activity;sid:84483573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.219.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620472/; classtype:trojan-activity;sid:84483572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620471/; classtype:trojan-activity;sid:84483571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.49.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620470/; classtype:trojan-activity;sid:84483570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.196.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620469/; classtype:trojan-activity;sid:84483569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620468)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6335391544/17aj1ae.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620468/; classtype:trojan-activity;sid:84483568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620467/; classtype:trojan-activity;sid:84483567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620466/; classtype:trojan-activity;sid:84483566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.108.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620465/; classtype:trojan-activity;sid:84483565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.196.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620464/; classtype:trojan-activity;sid:84483564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620463/; classtype:trojan-activity;sid:84483563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.218.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620462/; classtype:trojan-activity;sid:84483562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.189.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620461/; classtype:trojan-activity;sid:84483561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.241.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620460/; classtype:trojan-activity;sid:84483560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620459/; classtype:trojan-activity;sid:84483559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620458/; classtype:trojan-activity;sid:84483558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.135.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620457/; classtype:trojan-activity;sid:84483557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620456/; classtype:trojan-activity;sid:84483556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.146.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620455/; classtype:trojan-activity;sid:84483555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620454/; classtype:trojan-activity;sid:84483554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.239.33.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620453/; classtype:trojan-activity;sid:84483553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620452/; classtype:trojan-activity;sid:84483552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.103.202.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620451/; classtype:trojan-activity;sid:84483551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.18.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620450/; classtype:trojan-activity;sid:84483550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.199.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620449/; classtype:trojan-activity;sid:84483549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.135.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620448/; classtype:trojan-activity;sid:84483548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620447/; classtype:trojan-activity;sid:84483547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620446/; classtype:trojan-activity;sid:84483546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620445/; classtype:trojan-activity;sid:84483545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620444/; classtype:trojan-activity;sid:84483544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.216.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620443/; classtype:trojan-activity;sid:84483543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.212.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620442/; classtype:trojan-activity;sid:84483542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620441/; classtype:trojan-activity;sid:84483541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.29.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620439/; classtype:trojan-activity;sid:84483539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620440/; classtype:trojan-activity;sid:84483540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.212.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620438/; classtype:trojan-activity;sid:84483538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620437/; classtype:trojan-activity;sid:84483537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.104.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620436/; classtype:trojan-activity;sid:84483536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620434/; classtype:trojan-activity;sid:84483534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.51.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620435/; classtype:trojan-activity;sid:84483535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.124.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620433/; classtype:trojan-activity;sid:84483533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620432/; classtype:trojan-activity;sid:84483532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.8.173.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620431/; classtype:trojan-activity;sid:84483531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.104.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620429/; classtype:trojan-activity;sid:84483529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.49.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620430/; classtype:trojan-activity;sid:84483530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.51.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620428/; classtype:trojan-activity;sid:84483528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.172.80.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620427/; classtype:trojan-activity;sid:84483527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.254.85.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620426/; classtype:trojan-activity;sid:84483526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620425)"; flow:established,from_client; content:"GET"; http_method; content:"/0plbqus7ej.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.dovagua.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620425/; classtype:trojan-activity;sid:84483525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.233.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620424/; classtype:trojan-activity;sid:84483524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.246.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620423/; classtype:trojan-activity;sid:84483523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620422/; classtype:trojan-activity;sid:84483522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.8.173.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620421/; classtype:trojan-activity;sid:84483521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.105.78.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620420/; classtype:trojan-activity;sid:84483520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.59.38.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620419/; classtype:trojan-activity;sid:84483519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.246.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620418/; classtype:trojan-activity;sid:84483518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620417/; classtype:trojan-activity;sid:84483517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620416/; classtype:trojan-activity;sid:84483516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.172.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620415/; classtype:trojan-activity;sid:84483515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.59.38.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620413/; classtype:trojan-activity;sid:84483513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.105.78.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620414/; classtype:trojan-activity;sid:84483514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.216.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620412/; classtype:trojan-activity;sid:84483512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620411/; classtype:trojan-activity;sid:84483511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.48.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620410/; classtype:trojan-activity;sid:84483510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.216.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620409/; classtype:trojan-activity;sid:84483509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620408/; classtype:trojan-activity;sid:84483508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.172.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620407/; classtype:trojan-activity;sid:84483507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.180.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620406/; classtype:trojan-activity;sid:84483506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.187.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620405/; classtype:trojan-activity;sid:84483505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.116.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620404/; classtype:trojan-activity;sid:84483504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.83.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620403/; classtype:trojan-activity;sid:84483503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.89.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620402/; classtype:trojan-activity;sid:84483502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620401/; classtype:trojan-activity;sid:84483501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.53.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620400/; classtype:trojan-activity;sid:84483500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.28.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620399/; classtype:trojan-activity;sid:84483499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.116.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620398/; classtype:trojan-activity;sid:84483498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620397/; classtype:trojan-activity;sid:84483497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.164.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620396/; classtype:trojan-activity;sid:84483496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620395/; classtype:trojan-activity;sid:84483495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.28.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620394/; classtype:trojan-activity;sid:84483494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.234.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620393/; classtype:trojan-activity;sid:84483493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.221.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620392/; classtype:trojan-activity;sid:84483492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620391/; classtype:trojan-activity;sid:84483491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620390/; classtype:trojan-activity;sid:84483490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.139.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620389/; classtype:trojan-activity;sid:84483489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.49.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620387/; classtype:trojan-activity;sid:84483487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620388/; classtype:trojan-activity;sid:84483488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620386/; classtype:trojan-activity;sid:84483486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.234.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620385/; classtype:trojan-activity;sid:84483485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.160.125.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620384/; classtype:trojan-activity;sid:84483484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.146.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620383/; classtype:trojan-activity;sid:84483483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.49.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620382/; classtype:trojan-activity;sid:84483482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620381)"; flow:established,from_client; content:"GET"; http_method; content:"/6w6xsibgyl.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620381/; classtype:trojan-activity;sid:84483481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.221.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620380/; classtype:trojan-activity;sid:84483480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.32.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620379/; classtype:trojan-activity;sid:84483479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.125.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620378/; classtype:trojan-activity;sid:84483478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620377/; classtype:trojan-activity;sid:84483477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620376)"; flow:established,from_client; content:"GET"; http_method; content:"/gzwcimow6g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620376/; classtype:trojan-activity;sid:84483476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620375/; classtype:trojan-activity;sid:84483475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.181.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620374/; classtype:trojan-activity;sid:84483474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.32.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620373/; classtype:trojan-activity;sid:84483473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620372/; classtype:trojan-activity;sid:84483472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.58.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620371/; classtype:trojan-activity;sid:84483471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620370/; classtype:trojan-activity;sid:84483470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.51.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620369/; classtype:trojan-activity;sid:84483469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620368)"; flow:established,from_client; content:"GET"; http_method; content:"/a11mok6shc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620368/; classtype:trojan-activity;sid:84483468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.141.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620367/; classtype:trojan-activity;sid:84483467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620366/; classtype:trojan-activity;sid:84483466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.146.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620365/; classtype:trojan-activity;sid:84483465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620364/; classtype:trojan-activity;sid:84483464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620363/; classtype:trojan-activity;sid:84483463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620362/; classtype:trojan-activity;sid:84483462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620361)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620361/; classtype:trojan-activity;sid:84483461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620360/; classtype:trojan-activity;sid:84483460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.76.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620359/; classtype:trojan-activity;sid:84483459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620356/; classtype:trojan-activity;sid:84483456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620357)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620357/; classtype:trojan-activity;sid:84483457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620358)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620358/; classtype:trojan-activity;sid:84483458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.181.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620355/; classtype:trojan-activity;sid:84483455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.245.236.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620353/; classtype:trojan-activity;sid:84483453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.116.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620354/; classtype:trojan-activity;sid:84483454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620352)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620352/; classtype:trojan-activity;sid:84483452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.129.251.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620350/; classtype:trojan-activity;sid:84483450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620351/; classtype:trojan-activity;sid:84483451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620346)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620346/; classtype:trojan-activity;sid:84483446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620347)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620347/; classtype:trojan-activity;sid:84483447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620348)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620348/; classtype:trojan-activity;sid:84483448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620349)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620349/; classtype:trojan-activity;sid:84483449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620345)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620345/; classtype:trojan-activity;sid:84483445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620344)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620344/; classtype:trojan-activity;sid:84483444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.164.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620343/; classtype:trojan-activity;sid:84483443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620342)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620342/; classtype:trojan-activity;sid:84483442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.239.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620341/; classtype:trojan-activity;sid:84483441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.133.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620340/; classtype:trojan-activity;sid:84483440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.141.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620339/; classtype:trojan-activity;sid:84483439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.203.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620338/; classtype:trojan-activity;sid:84483438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620337/; classtype:trojan-activity;sid:84483437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620336)"; flow:established,from_client; content:"GET"; http_method; content:"/odaj1dzmk7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620336/; classtype:trojan-activity;sid:84483436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.177.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620335/; classtype:trojan-activity;sid:84483435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.204.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620334/; classtype:trojan-activity;sid:84483434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620333/; classtype:trojan-activity;sid:84483433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620332/; classtype:trojan-activity;sid:84483432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.133.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620331/; classtype:trojan-activity;sid:84483431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620330/; classtype:trojan-activity;sid:84483430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.179.249.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620329/; classtype:trojan-activity;sid:84483429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.156.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620328/; classtype:trojan-activity;sid:84483428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620327/; classtype:trojan-activity;sid:84483427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620325)"; flow:established,from_client; content:"GET"; http_method; content:"/silrp5kydk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620325/; classtype:trojan-activity;sid:84483425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.48.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620324/; classtype:trojan-activity;sid:84483424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620323/; classtype:trojan-activity;sid:84483423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620322)"; flow:established,from_client; content:"GET"; http_method; content:"/zsd47yedoi.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bp.muzodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620322/; classtype:trojan-activity;sid:84483422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620321/; classtype:trojan-activity;sid:84483421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620320/; classtype:trojan-activity;sid:84483420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620319/; classtype:trojan-activity;sid:84483419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.248.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620318/; classtype:trojan-activity;sid:84483418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620317/; classtype:trojan-activity;sid:84483417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620316/; classtype:trojan-activity;sid:84483416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620315/; classtype:trojan-activity;sid:84483415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620314/; classtype:trojan-activity;sid:84483414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.70.167.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620313/; classtype:trojan-activity;sid:84483413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620312/; classtype:trojan-activity;sid:84483412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620311/; classtype:trojan-activity;sid:84483411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.38.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620310/; classtype:trojan-activity;sid:84483410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620309/; classtype:trojan-activity;sid:84483409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620308/; classtype:trojan-activity;sid:84483408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620307)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.40.118.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620307/; classtype:trojan-activity;sid:84483407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620306)"; flow:established,from_client; content:"GET"; http_method; content:"/sl16p1y3fw.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zod.fypufea.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620306/; classtype:trojan-activity;sid:84483406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.169.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620305/; classtype:trojan-activity;sid:84483405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620304/; classtype:trojan-activity;sid:84483404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620303/; classtype:trojan-activity;sid:84483403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.219.134.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620302/; classtype:trojan-activity;sid:84483402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620301)"; flow:established,from_client; content:"GET"; http_method; content:"/winlicen.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.43.156.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620301/; classtype:trojan-activity;sid:84483401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620300/; classtype:trojan-activity;sid:84483400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620298/; classtype:trojan-activity;sid:84483398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.199.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620299/; classtype:trojan-activity;sid:84483399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.76.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620297/; classtype:trojan-activity;sid:84483397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.117.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620296/; classtype:trojan-activity;sid:84483396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.192.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620295/; classtype:trojan-activity;sid:84483395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620294/; classtype:trojan-activity;sid:84483394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.219.134.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620293/; classtype:trojan-activity;sid:84483393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620292/; classtype:trojan-activity;sid:84483392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620291)"; flow:established,from_client; content:"GET"; http_method; content:"/z2fu26ljla.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zod.fypufea.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620291/; classtype:trojan-activity;sid:84483391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620290/; classtype:trojan-activity;sid:84483390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.178.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620289/; classtype:trojan-activity;sid:84483389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.117.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620288/; classtype:trojan-activity;sid:84483388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.192.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620287/; classtype:trojan-activity;sid:84483387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620286/; classtype:trojan-activity;sid:84483386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620285)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-101300265.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.219.7.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620285/; classtype:trojan-activity;sid:84483385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.51.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620284/; classtype:trojan-activity;sid:84483384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620272)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620272/; classtype:trojan-activity;sid:84483372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620273)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620273/; classtype:trojan-activity;sid:84483373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620274)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620274/; classtype:trojan-activity;sid:84483374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620275)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620275/; classtype:trojan-activity;sid:84483375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620276)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620276/; classtype:trojan-activity;sid:84483376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620277)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620277/; classtype:trojan-activity;sid:84483377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620278)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620278/; classtype:trojan-activity;sid:84483378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620279)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620279/; classtype:trojan-activity;sid:84483379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620280)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620280/; classtype:trojan-activity;sid:84483380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620281)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620281/; classtype:trojan-activity;sid:84483381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620282)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620282/; classtype:trojan-activity;sid:84483382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620283)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620283/; classtype:trojan-activity;sid:84483383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620271/; classtype:trojan-activity;sid:84483371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.212.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620270/; classtype:trojan-activity;sid:84483370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620269/; classtype:trojan-activity;sid:84483369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620268)"; flow:established,from_client; content:"GET"; http_method; content:"/li2qjpe8b4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zod.fypufea.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620268/; classtype:trojan-activity;sid:84483368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.178.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620267/; classtype:trojan-activity;sid:84483367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.252.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620266/; classtype:trojan-activity;sid:84483366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620265/; classtype:trojan-activity;sid:84483365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620264)"; flow:established,from_client; content:"GET"; http_method; content:"/htfw6bbsdv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tma.penodoa.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620264/; classtype:trojan-activity;sid:84483364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.53.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620263/; classtype:trojan-activity;sid:84483363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.95.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620262/; classtype:trojan-activity;sid:84483362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"p1611192-mobac01.tokyo.ocn.ne.jp"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620261/; classtype:trojan-activity;sid:84483361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620260/; classtype:trojan-activity;sid:84483360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620259)"; flow:established,from_client; content:"GET"; http_method; content:"/shr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620259/; classtype:trojan-activity;sid:84483359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620258)"; flow:established,from_client; content:"GET"; http_method; content:"/netis"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620258/; classtype:trojan-activity;sid:84483358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620246)"; flow:established,from_client; content:"GET"; http_method; content:"/shk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620246/; classtype:trojan-activity;sid:84483346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620247)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620247/; classtype:trojan-activity;sid:84483347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620248)"; flow:established,from_client; content:"GET"; http_method; content:"/bbcl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620248/; classtype:trojan-activity;sid:84483348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620249)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620249/; classtype:trojan-activity;sid:84483349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620250)"; flow:established,from_client; content:"GET"; http_method; content:"/bwwg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620250/; classtype:trojan-activity;sid:84483350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620251)"; flow:established,from_client; content:"GET"; http_method; content:"/wwg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620251/; classtype:trojan-activity;sid:84483351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620252)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620252/; classtype:trojan-activity;sid:84483352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620253)"; flow:established,from_client; content:"GET"; http_method; content:"/ccl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620253/; classtype:trojan-activity;sid:84483353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620254)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620254/; classtype:trojan-activity;sid:84483354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620255)"; flow:established,from_client; content:"GET"; http_method; content:"/tbk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620255/; classtype:trojan-activity;sid:84483355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620256)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620256/; classtype:trojan-activity;sid:84483356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620257)"; flow:established,from_client; content:"GET"; http_method; content:"/pdr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620257/; classtype:trojan-activity;sid:84483357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620245)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.90.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620245/; classtype:trojan-activity;sid:84483345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620225)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620225/; classtype:trojan-activity;sid:84483325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620226)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620226/; classtype:trojan-activity;sid:84483326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620227)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620227/; classtype:trojan-activity;sid:84483327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620228)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620228/; classtype:trojan-activity;sid:84483328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620229)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620229/; classtype:trojan-activity;sid:84483329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620230)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620230/; classtype:trojan-activity;sid:84483330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620231)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620231/; classtype:trojan-activity;sid:84483331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620232)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620232/; classtype:trojan-activity;sid:84483332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620233)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620233/; classtype:trojan-activity;sid:84483333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620234)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620234/; classtype:trojan-activity;sid:84483334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620235)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620235/; classtype:trojan-activity;sid:84483335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620236)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620236/; classtype:trojan-activity;sid:84483336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620237)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620237/; classtype:trojan-activity;sid:84483337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620238)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620238/; classtype:trojan-activity;sid:84483338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620239)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620239/; classtype:trojan-activity;sid:84483339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620240)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620240/; classtype:trojan-activity;sid:84483340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620241)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620241/; classtype:trojan-activity;sid:84483341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620242)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620242/; classtype:trojan-activity;sid:84483342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620243)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620243/; classtype:trojan-activity;sid:84483343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620244)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620244/; classtype:trojan-activity;sid:84483344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620224)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620224/; classtype:trojan-activity;sid:84483324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620223)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620223/; classtype:trojan-activity;sid:84483323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620222)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620222/; classtype:trojan-activity;sid:84483322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620214)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620214/; classtype:trojan-activity;sid:84483314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620215)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620215/; classtype:trojan-activity;sid:84483315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620216)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620216/; classtype:trojan-activity;sid:84483316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620217)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620217/; classtype:trojan-activity;sid:84483317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620218)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620218/; classtype:trojan-activity;sid:84483318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620219)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620219/; classtype:trojan-activity;sid:84483319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620220)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620220/; classtype:trojan-activity;sid:84483320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620221)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620221/; classtype:trojan-activity;sid:84483321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620211)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620211/; classtype:trojan-activity;sid:84483311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620212)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"documentzweqz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620212/; classtype:trojan-activity;sid:84483312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620213)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620213/; classtype:trojan-activity;sid:84483313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620210)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620210/; classtype:trojan-activity;sid:84483310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620209)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620209/; classtype:trojan-activity;sid:84483309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620207)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620207/; classtype:trojan-activity;sid:84483307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620208)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620208/; classtype:trojan-activity;sid:84483308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620205)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620205/; classtype:trojan-activity;sid:84483305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620206)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620206/; classtype:trojan-activity;sid:84483306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620195)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620195/; classtype:trojan-activity;sid:84483295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620196)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620196/; classtype:trojan-activity;sid:84483296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620197)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620197/; classtype:trojan-activity;sid:84483297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620198)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620198/; classtype:trojan-activity;sid:84483298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620199)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620199/; classtype:trojan-activity;sid:84483299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620200)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620200/; classtype:trojan-activity;sid:84483300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620201)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620201/; classtype:trojan-activity;sid:84483301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620202)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620202/; classtype:trojan-activity;sid:84483302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620203)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620203/; classtype:trojan-activity;sid:84483303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620204)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uranium.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620204/; classtype:trojan-activity;sid:84483304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620194)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620194/; classtype:trojan-activity;sid:84483294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620193/; classtype:trojan-activity;sid:84483293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620190)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620190/; classtype:trojan-activity;sid:84483290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620191)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620191/; classtype:trojan-activity;sid:84483291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620192/; classtype:trojan-activity;sid:84483292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620179/; classtype:trojan-activity;sid:84483279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620180/; classtype:trojan-activity;sid:84483280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620181/; classtype:trojan-activity;sid:84483281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620182/; classtype:trojan-activity;sid:84483282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620183/; classtype:trojan-activity;sid:84483283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620184)"; flow:established,from_client; content:"GET"; http_method; content:"/fnetwork.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620184/; classtype:trojan-activity;sid:84483284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620185)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620185/; classtype:trojan-activity;sid:84483285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620186)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620186/; classtype:trojan-activity;sid:84483286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620187/; classtype:trojan-activity;sid:84483287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620188/; classtype:trojan-activity;sid:84483288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620189)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.115.41.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620189/; classtype:trojan-activity;sid:84483289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620178)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620178/; classtype:trojan-activity;sid:84483278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620177)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620177/; classtype:trojan-activity;sid:84483277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620176)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620176/; classtype:trojan-activity;sid:84483276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620175)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620175/; classtype:trojan-activity;sid:84483275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620174/; classtype:trojan-activity;sid:84483274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620170)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620170/; classtype:trojan-activity;sid:84483270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620171)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620171/; classtype:trojan-activity;sid:84483271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620172)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620172/; classtype:trojan-activity;sid:84483272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620173)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.40.118.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620173/; classtype:trojan-activity;sid:84483273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620168)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620168/; classtype:trojan-activity;sid:84483268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620169)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620169/; classtype:trojan-activity;sid:84483269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620160)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620160/; classtype:trojan-activity;sid:84483260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620161)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620161/; classtype:trojan-activity;sid:84483261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620162)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620162/; classtype:trojan-activity;sid:84483262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620163)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620163/; classtype:trojan-activity;sid:84483263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620164)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620164/; classtype:trojan-activity;sid:84483264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620165)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620165/; classtype:trojan-activity;sid:84483265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620166)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stormc2.fun"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620166/; classtype:trojan-activity;sid:84483266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620167)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/updaters.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.165.60.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620167/; classtype:trojan-activity;sid:84483267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620158)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.40.118.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620158/; classtype:trojan-activity;sid:84483258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620159)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.118.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620159/; classtype:trojan-activity;sid:84483259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620156)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620156/; classtype:trojan-activity;sid:84483256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620157)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.40.118.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620157/; classtype:trojan-activity;sid:84483257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620147)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620147/; classtype:trojan-activity;sid:84483247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620148)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620148/; classtype:trojan-activity;sid:84483248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620149)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620149/; classtype:trojan-activity;sid:84483249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620150)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620150/; classtype:trojan-activity;sid:84483250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620151)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620151/; classtype:trojan-activity;sid:84483251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620152)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620152/; classtype:trojan-activity;sid:84483252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620153)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620153/; classtype:trojan-activity;sid:84483253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620154)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620154/; classtype:trojan-activity;sid:84483254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620155)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.86.155.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620155/; classtype:trojan-activity;sid:84483255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620146)"; flow:established,from_client; content:"GET"; http_method; content:"/erfbiob4c4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ctu.poxyway.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620146/; classtype:trojan-activity;sid:84483246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620144)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620144/; classtype:trojan-activity;sid:84483244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.235.177.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620145/; classtype:trojan-activity;sid:84483245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620141)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.151.73.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620141/; classtype:trojan-activity;sid:84483241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620142)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.32.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620142/; classtype:trojan-activity;sid:84483242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620143)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.76.248.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620143/; classtype:trojan-activity;sid:84483243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620140)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.37.69.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620140/; classtype:trojan-activity;sid:84483240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620135)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.86.7.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620135/; classtype:trojan-activity;sid:84483235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620136)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.97.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620136/; classtype:trojan-activity;sid:84483236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.62.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620137/; classtype:trojan-activity;sid:84483237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620138)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.242.32.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620138/; classtype:trojan-activity;sid:84483238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620139)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.62.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620139/; classtype:trojan-activity;sid:84483239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620134)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.110.229.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620134/; classtype:trojan-activity;sid:84483234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.170.157.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620133/; classtype:trojan-activity;sid:84483233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.32.23.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620122/; classtype:trojan-activity;sid:84483222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.85.84.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620123/; classtype:trojan-activity;sid:84483223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.116.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620124/; classtype:trojan-activity;sid:84483224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620125/; classtype:trojan-activity;sid:84483225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.98.206.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620126/; classtype:trojan-activity;sid:84483226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.185.28.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620127/; classtype:trojan-activity;sid:84483227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.180.41.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620128/; classtype:trojan-activity;sid:84483228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.16.177.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620129/; classtype:trojan-activity;sid:84483229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.119.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620130/; classtype:trojan-activity;sid:84483230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.233.221.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620131/; classtype:trojan-activity;sid:84483231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.212.171.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620112/; classtype:trojan-activity;sid:84483212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.228.116.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620113/; classtype:trojan-activity;sid:84483213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.51.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620114/; classtype:trojan-activity;sid:84483214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.104.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620115/; classtype:trojan-activity;sid:84483215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.195.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620116/; classtype:trojan-activity;sid:84483216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.104.171.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620117/; classtype:trojan-activity;sid:84483217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620118/; classtype:trojan-activity;sid:84483218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.105.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620119/; classtype:trojan-activity;sid:84483219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.12.77.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620120/; classtype:trojan-activity;sid:84483220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.19.29.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620121/; classtype:trojan-activity;sid:84483221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620110/; classtype:trojan-activity;sid:84483210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.162.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620111/; classtype:trojan-activity;sid:84483211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620109)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620109/; classtype:trojan-activity;sid:84483209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620108)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.61.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620108/; classtype:trojan-activity;sid:84483208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620106)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.196.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620106/; classtype:trojan-activity;sid:84483206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620107)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.68.52.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620107/; classtype:trojan-activity;sid:84483207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620105)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.160.183.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620105/; classtype:trojan-activity;sid:84483205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620104)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.112.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620104/; classtype:trojan-activity;sid:84483204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620103)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.20.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620103/; classtype:trojan-activity;sid:84483203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620100)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.186.155.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620100/; classtype:trojan-activity;sid:84483200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620101)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.31.66.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620101/; classtype:trojan-activity;sid:84483201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.196.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620102/; classtype:trojan-activity;sid:84483202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620099)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.115.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620099/; classtype:trojan-activity;sid:84483199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620097)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.134.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620097/; classtype:trojan-activity;sid:84483197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620098)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.164.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620098/; classtype:trojan-activity;sid:84483198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620095)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.149.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620095/; classtype:trojan-activity;sid:84483195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620096)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.128.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620096/; classtype:trojan-activity;sid:84483196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620094)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620094/; classtype:trojan-activity;sid:84483194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620093/; classtype:trojan-activity;sid:84483193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620091)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620091/; classtype:trojan-activity;sid:84483191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620092)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620092/; classtype:trojan-activity;sid:84483192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620087)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620087/; classtype:trojan-activity;sid:84483187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620088)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620088/; classtype:trojan-activity;sid:84483188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620089)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620089/; classtype:trojan-activity;sid:84483189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620090/; classtype:trojan-activity;sid:84483190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620082)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620082/; classtype:trojan-activity;sid:84483182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620083)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620083/; classtype:trojan-activity;sid:84483183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620084)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620084/; classtype:trojan-activity;sid:84483184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620085)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620085/; classtype:trojan-activity;sid:84483185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620086)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620086/; classtype:trojan-activity;sid:84483186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620078)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620078/; classtype:trojan-activity;sid:84483178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620079)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620079/; classtype:trojan-activity;sid:84483179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620080)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620080/; classtype:trojan-activity;sid:84483180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620081)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620081/; classtype:trojan-activity;sid:84483181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620077)"; flow:established,from_client; content:"GET"; http_method; content:"/kne010c7tx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ctu.poxyway.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620077/; classtype:trojan-activity;sid:84483177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620076)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.59.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620076/; classtype:trojan-activity;sid:84483176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620075)"; flow:established,from_client; content:"GET"; http_method; content:"/defenderupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"38.110.228.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620075/; classtype:trojan-activity;sid:84483175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.163.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620074/; classtype:trojan-activity;sid:84483174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620073)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.2.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620073/; classtype:trojan-activity;sid:84483173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620071/; classtype:trojan-activity;sid:84483171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620072)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620072/; classtype:trojan-activity;sid:84483172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620069)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620069/; classtype:trojan-activity;sid:84483169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620070)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620070/; classtype:trojan-activity;sid:84483170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620068)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620068/; classtype:trojan-activity;sid:84483168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620066)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620066/; classtype:trojan-activity;sid:84483166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620067)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620067/; classtype:trojan-activity;sid:84483167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620065)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620065/; classtype:trojan-activity;sid:84483165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620061)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620061/; classtype:trojan-activity;sid:84483161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620062)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620062/; classtype:trojan-activity;sid:84483162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620063)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620063/; classtype:trojan-activity;sid:84483163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620064)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.114.171.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620064/; classtype:trojan-activity;sid:84483164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620060/; classtype:trojan-activity;sid:84483160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620059)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620059/; classtype:trojan-activity;sid:84483159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620057)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620057/; classtype:trojan-activity;sid:84483157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620058)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620058/; classtype:trojan-activity;sid:84483158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620056)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620056/; classtype:trojan-activity;sid:84483156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620055)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620055/; classtype:trojan-activity;sid:84483155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620054)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620054/; classtype:trojan-activity;sid:84483154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620038)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620038/; classtype:trojan-activity;sid:84483138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620039)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620039/; classtype:trojan-activity;sid:84483139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620040)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620040/; classtype:trojan-activity;sid:84483140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620041)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620041/; classtype:trojan-activity;sid:84483141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620042)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620042/; classtype:trojan-activity;sid:84483142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620043)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620043/; classtype:trojan-activity;sid:84483143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620044)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620044/; classtype:trojan-activity;sid:84483144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620045)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620045/; classtype:trojan-activity;sid:84483145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620046)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620046/; classtype:trojan-activity;sid:84483146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620047)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620047/; classtype:trojan-activity;sid:84483147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620048)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620048/; classtype:trojan-activity;sid:84483148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620049)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620049/; classtype:trojan-activity;sid:84483149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620050)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620050/; classtype:trojan-activity;sid:84483150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620051)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620051/; classtype:trojan-activity;sid:84483151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620052)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620052/; classtype:trojan-activity;sid:84483152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620053)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620053/; classtype:trojan-activity;sid:84483153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620036)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620036/; classtype:trojan-activity;sid:84483136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620037)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620037/; classtype:trojan-activity;sid:84483137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620035)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620035/; classtype:trojan-activity;sid:84483135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620034)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620034/; classtype:trojan-activity;sid:84483134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620032)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620032/; classtype:trojan-activity;sid:84483132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620033)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620033/; classtype:trojan-activity;sid:84483133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620029)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620029/; classtype:trojan-activity;sid:84483129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620030)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620030/; classtype:trojan-activity;sid:84483130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620031)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620031/; classtype:trojan-activity;sid:84483131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620026)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620026/; classtype:trojan-activity;sid:84483126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620027)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620027/; classtype:trojan-activity;sid:84483127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620028)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.16.8.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620028/; classtype:trojan-activity;sid:84483128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620025)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoortask.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"173.212.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620025/; classtype:trojan-activity;sid:84483125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620024)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8432778479/qhmcbqo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620024/; classtype:trojan-activity;sid:84483124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620023)"; flow:established,from_client; content:"GET"; http_method; content:"/thm.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"173.212.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620023/; classtype:trojan-activity;sid:84483123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620020)"; flow:established,from_client; content:"GET"; http_method; content:"/staged-payloads/shellcode.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"173.212.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620020/; classtype:trojan-activity;sid:84483120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620021)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"173.212.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620021/; classtype:trojan-activity;sid:84483121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620022)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoortask.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"173.212.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620022/; classtype:trojan-activity;sid:84483122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620019/; classtype:trojan-activity;sid:84483119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.168.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620018/; classtype:trojan-activity;sid:84483118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620017)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.dcrat0106.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620017/; classtype:trojan-activity;sid:84483117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620016)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dcrat0106.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620016/; classtype:trojan-activity;sid:84483116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620015)"; flow:established,from_client; content:"GET"; http_method; content:"/2.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.90.162.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620015/; classtype:trojan-activity;sid:84483115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620013)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.90.162.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620013/; classtype:trojan-activity;sid:84483113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620014)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.90.162.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620014/; classtype:trojan-activity;sid:84483114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620012)"; flow:established,from_client; content:"GET"; http_method; content:"/cob8n0x808.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ve.penodoa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620012/; classtype:trojan-activity;sid:84483112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.217.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620011/; classtype:trojan-activity;sid:84483111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620008/; classtype:trojan-activity;sid:84483108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620009)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620009/; classtype:trojan-activity;sid:84483109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620010)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620010/; classtype:trojan-activity;sid:84483110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.195.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620007/; classtype:trojan-activity;sid:84483107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620006/; classtype:trojan-activity;sid:84483106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.212.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620003/; classtype:trojan-activity;sid:84483103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.87.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620004/; classtype:trojan-activity;sid:84483104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620005/; classtype:trojan-activity;sid:84483105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.201.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620000/; classtype:trojan-activity;sid:84483100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.98.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620001/; classtype:trojan-activity;sid:84483101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.195.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620002/; classtype:trojan-activity;sid:84483102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.223.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619999/; classtype:trojan-activity;sid:84483099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619998)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619998/; classtype:trojan-activity;sid:84483098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619997)"; flow:established,from_client; content:"GET"; http_method; content:"/1septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619997/; classtype:trojan-activity;sid:84483097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619995)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619995/; classtype:trojan-activity;sid:84483095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619996)"; flow:established,from_client; content:"GET"; http_method; content:"/2septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619996/; classtype:trojan-activity;sid:84483096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619991)"; flow:established,from_client; content:"GET"; http_method; content:"/x31agosto.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619991/; classtype:trojan-activity;sid:84483091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619992)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619992/; classtype:trojan-activity;sid:84483092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619993)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619993/; classtype:trojan-activity;sid:84483093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619994)"; flow:established,from_client; content:"GET"; http_method; content:"/x31agosto.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619994/; classtype:trojan-activity;sid:84483094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619990)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619990/; classtype:trojan-activity;sid:84483090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619988)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619988/; classtype:trojan-activity;sid:84483088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619989)"; flow:established,from_client; content:"GET"; http_method; content:"/1septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.2septiembrerem.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619989/; classtype:trojan-activity;sid:84483089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619987)"; flow:established,from_client; content:"GET"; http_method; content:"/2septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619987/; classtype:trojan-activity;sid:84483087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619983/; classtype:trojan-activity;sid:84483083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619982)"; flow:established,from_client; content:"GET"; http_method; content:"/2ymo6nmtpq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wa.poxyway.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619982/; classtype:trojan-activity;sid:84483082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.163.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619981/; classtype:trojan-activity;sid:84483081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619979)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619979/; classtype:trojan-activity;sid:84483079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619980)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619980/; classtype:trojan-activity;sid:84483080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619978)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619978/; classtype:trojan-activity;sid:84483078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619977)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619977/; classtype:trojan-activity;sid:84483077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619976)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619976/; classtype:trojan-activity;sid:84483076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619975)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619975/; classtype:trojan-activity;sid:84483075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619974)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619974/; classtype:trojan-activity;sid:84483074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619972)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619972/; classtype:trojan-activity;sid:84483072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619973)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619973/; classtype:trojan-activity;sid:84483073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619971)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619971/; classtype:trojan-activity;sid:84483071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619968)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619968/; classtype:trojan-activity;sid:84483068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619969)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619969/; classtype:trojan-activity;sid:84483069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619970)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619970/; classtype:trojan-activity;sid:84483070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619965)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619965/; classtype:trojan-activity;sid:84483065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619966)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619966/; classtype:trojan-activity;sid:84483066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619967)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619967/; classtype:trojan-activity;sid:84483067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619964)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619964/; classtype:trojan-activity;sid:84483064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619962)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619962/; classtype:trojan-activity;sid:84483062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619963)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619963/; classtype:trojan-activity;sid:84483063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619959)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619959/; classtype:trojan-activity;sid:84483059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619960)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619960/; classtype:trojan-activity;sid:84483060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619961)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619961/; classtype:trojan-activity;sid:84483061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619955)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619955/; classtype:trojan-activity;sid:84483055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619956)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619956/; classtype:trojan-activity;sid:84483056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619957)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619957/; classtype:trojan-activity;sid:84483057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619958)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619958/; classtype:trojan-activity;sid:84483058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619951)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619951/; classtype:trojan-activity;sid:84483051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619952)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619952/; classtype:trojan-activity;sid:84483052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619953)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619953/; classtype:trojan-activity;sid:84483053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619954)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619954/; classtype:trojan-activity;sid:84483054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619950)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619950/; classtype:trojan-activity;sid:84483050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619949)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619949/; classtype:trojan-activity;sid:84483049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619948)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619948/; classtype:trojan-activity;sid:84483048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619946)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619946/; classtype:trojan-activity;sid:84483046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619947)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619947/; classtype:trojan-activity;sid:84483047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619940)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619940/; classtype:trojan-activity;sid:84483040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619941)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619941/; classtype:trojan-activity;sid:84483041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619942)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619942/; classtype:trojan-activity;sid:84483042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619943)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619943/; classtype:trojan-activity;sid:84483043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619944)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619944/; classtype:trojan-activity;sid:84483044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619945)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619945/; classtype:trojan-activity;sid:84483045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619938)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619938/; classtype:trojan-activity;sid:84483038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619939)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619939/; classtype:trojan-activity;sid:84483039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619937)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619937/; classtype:trojan-activity;sid:84483037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619936)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619936/; classtype:trojan-activity;sid:84483036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619935/; classtype:trojan-activity;sid:84483035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.33.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619934/; classtype:trojan-activity;sid:84483034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619933)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619933/; classtype:trojan-activity;sid:84483033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619931)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619931/; classtype:trojan-activity;sid:84483031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619932)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619932/; classtype:trojan-activity;sid:84483032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619930)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619930/; classtype:trojan-activity;sid:84483030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619929)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619929/; classtype:trojan-activity;sid:84483029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619926)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619926/; classtype:trojan-activity;sid:84483026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619927)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619927/; classtype:trojan-activity;sid:84483027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619928)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619928/; classtype:trojan-activity;sid:84483028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619921)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619921/; classtype:trojan-activity;sid:84483021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619922)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619922/; classtype:trojan-activity;sid:84483022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619923)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619923/; classtype:trojan-activity;sid:84483023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619924)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619924/; classtype:trojan-activity;sid:84483024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619925)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619925/; classtype:trojan-activity;sid:84483025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619920)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619920/; classtype:trojan-activity;sid:84483020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.217.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619919/; classtype:trojan-activity;sid:84483019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619918)"; flow:established,from_client; content:"GET"; http_method; content:"/ofn1xiv4rr.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wa.poxyway.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619918/; classtype:trojan-activity;sid:84483018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619917/; classtype:trojan-activity;sid:84483017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619916)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619916/; classtype:trojan-activity;sid:84483016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.135.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619915/; classtype:trojan-activity;sid:84483015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619914)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm6"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619914/; classtype:trojan-activity;sid:84483014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619913)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.m68k"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619913/; classtype:trojan-activity;sid:84483013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619912)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.sh4"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619912/; classtype:trojan-activity;sid:84483012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619908)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619908/; classtype:trojan-activity;sid:84483008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619909)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/debug"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619909/; classtype:trojan-activity;sid:84483009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619910)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm5"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619910/; classtype:trojan-activity;sid:84483010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619911)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.spc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619911/; classtype:trojan-activity;sid:84483011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619900)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.x86_64"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619900/; classtype:trojan-activity;sid:84483000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619901)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.mips"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619901/; classtype:trojan-activity;sid:84483001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619902)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.ppc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619902/; classtype:trojan-activity;sid:84483002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619903)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.x86"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619903/; classtype:trojan-activity;sid:84483003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619904)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.mpsl"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619904/; classtype:trojan-activity;sid:84483004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619905)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm7"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619905/; classtype:trojan-activity;sid:84483005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619906)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.i686"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619906/; classtype:trojan-activity;sid:84483006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619907)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__%5bvault%5d__%5br4%5d__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619907/; classtype:trojan-activity;sid:84483007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619898/; classtype:trojan-activity;sid:84482998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619899/; classtype:trojan-activity;sid:84482999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.135.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619897/; classtype:trojan-activity;sid:84482997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.248.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619896/; classtype:trojan-activity;sid:84482996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619895)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/njtiemv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619895/; classtype:trojan-activity;sid:84482995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619894)"; flow:established,from_client; content:"GET"; http_method; content:"/f1d43d779.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn.hyrule.pics"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619894/; classtype:trojan-activity;sid:84482994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619893)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/refs/heads/main/ok.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619893/; classtype:trojan-activity;sid:84482993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619892/; classtype:trojan-activity;sid:84482992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619891)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619891/; classtype:trojan-activity;sid:84482991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.80.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619890/; classtype:trojan-activity;sid:84482990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.248.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619889/; classtype:trojan-activity;sid:84482989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619887)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619887/; classtype:trojan-activity;sid:84482987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619888)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619888/; classtype:trojan-activity;sid:84482988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619886)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619886/; classtype:trojan-activity;sid:84482986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.46.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619885/; classtype:trojan-activity;sid:84482985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619874)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619874/; classtype:trojan-activity;sid:84482974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619875)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619875/; classtype:trojan-activity;sid:84482975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619876)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619876/; classtype:trojan-activity;sid:84482976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619877)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619877/; classtype:trojan-activity;sid:84482977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619878)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619878/; classtype:trojan-activity;sid:84482978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619879)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619879/; classtype:trojan-activity;sid:84482979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619880)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619880/; classtype:trojan-activity;sid:84482980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619881)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619881/; classtype:trojan-activity;sid:84482981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619882)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619882/; classtype:trojan-activity;sid:84482982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619883)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619883/; classtype:trojan-activity;sid:84482983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619884)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619884/; classtype:trojan-activity;sid:84482984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619873)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619873/; classtype:trojan-activity;sid:84482973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.160.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619872/; classtype:trojan-activity;sid:84482972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619871/; classtype:trojan-activity;sid:84482971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619870)"; flow:established,from_client; content:"GET"; http_method; content:"/1alubooyp6walqm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619870/; classtype:trojan-activity;sid:84482970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619868)"; flow:established,from_client; content:"GET"; http_method; content:"/tnpra83sjd0ysuw.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619868/; classtype:trojan-activity;sid:84482968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619869)"; flow:established,from_client; content:"GET"; http_method; content:"/bxsm8d4voxbi6fc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619869/; classtype:trojan-activity;sid:84482969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619867)"; flow:established,from_client; content:"GET"; http_method; content:"/hgr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619867/; classtype:trojan-activity;sid:84482967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619866)"; flow:established,from_client; content:"GET"; http_method; content:"/wss.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619866/; classtype:trojan-activity;sid:84482966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619865)"; flow:established,from_client; content:"GET"; http_method; content:"/chs.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619865/; classtype:trojan-activity;sid:84482965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.107.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619864/; classtype:trojan-activity;sid:84482964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619863)"; flow:established,from_client; content:"GET"; http_method; content:"/4mhcx1twu3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619863/; classtype:trojan-activity;sid:84482963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619862)"; flow:established,from_client; content:"GET"; http_method; content:"/grbye6f2xz.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619862/; classtype:trojan-activity;sid:84482962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619861)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250905150950.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"comprovantes.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619861/; classtype:trojan-activity;sid:84482961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619860)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20250904/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619860/; classtype:trojan-activity;sid:84482960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619859)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250908010522.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"shipping2.xo.je"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619859/; classtype:trojan-activity;sid:84482959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619858/; classtype:trojan-activity;sid:84482958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619857)"; flow:established,from_client; content:"GET"; http_method; content:"/ping.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloud-niche.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619857/; classtype:trojan-activity;sid:84482957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619856)"; flow:established,from_client; content:"GET"; http_method; content:"/aabn.lpk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloud-niche.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619856/; classtype:trojan-activity;sid:84482956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619855)"; flow:established,from_client; content:"GET"; http_method; content:"/begui137.hhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cloud-niche.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619855/; classtype:trojan-activity;sid:84482955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619852)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619852/; classtype:trojan-activity;sid:84482952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619853)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619853/; classtype:trojan-activity;sid:84482953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619854)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619854/; classtype:trojan-activity;sid:84482954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.158.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619851/; classtype:trojan-activity;sid:84482951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.241.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619850/; classtype:trojan-activity;sid:84482950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.81.97.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619849/; classtype:trojan-activity;sid:84482949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619848/; classtype:trojan-activity;sid:84482948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619842/; classtype:trojan-activity;sid:84482942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619843/; classtype:trojan-activity;sid:84482943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619844/; classtype:trojan-activity;sid:84482944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619845/; classtype:trojan-activity;sid:84482945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619846/; classtype:trojan-activity;sid:84482946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619847/; classtype:trojan-activity;sid:84482947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619835/; classtype:trojan-activity;sid:84482935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619836/; classtype:trojan-activity;sid:84482936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619837/; classtype:trojan-activity;sid:84482937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619838/; classtype:trojan-activity;sid:84482938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619839/; classtype:trojan-activity;sid:84482939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619840/; classtype:trojan-activity;sid:84482940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619841/; classtype:trojan-activity;sid:84482941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619834/; classtype:trojan-activity;sid:84482934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.190.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619833/; classtype:trojan-activity;sid:84482933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619832)"; flow:established,from_client; content:"GET"; http_method; content:"/gjb95p67im.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619832/; classtype:trojan-activity;sid:84482932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619831/; classtype:trojan-activity;sid:84482931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619830)"; flow:established,from_client; content:"GET"; http_method; content:"/j8ahghtzp969ca/discord.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"95.216.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619830/; classtype:trojan-activity;sid:84482930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619829)"; flow:established,from_client; content:"GET"; http_method; content:"/j8ahghtzp969ca/cpdll.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"95.216.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619829/; classtype:trojan-activity;sid:84482929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619828)"; flow:established,from_client; content:"GET"; http_method; content:"/j8ahghtzp969ca/sodll.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"95.216.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619828/; classtype:trojan-activity;sid:84482928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619827)"; flow:established,from_client; content:"GET"; http_method; content:"/win86.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"exortsoft.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619827/; classtype:trojan-activity;sid:84482927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.241.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619826/; classtype:trojan-activity;sid:84482926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.97.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619825/; classtype:trojan-activity;sid:84482925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619824/; classtype:trojan-activity;sid:84482924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.214.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619823/; classtype:trojan-activity;sid:84482923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619822)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5815908625/qi7l69u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619822/; classtype:trojan-activity;sid:84482922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619821/; classtype:trojan-activity;sid:84482921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619820)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1129026890/knwe0uq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619820/; classtype:trojan-activity;sid:84482920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619819/; classtype:trojan-activity;sid:84482919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619818/; classtype:trojan-activity;sid:84482918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619817)"; flow:established,from_client; content:"GET"; http_method; content:"/1b8nzcbfnh.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619817/; classtype:trojan-activity;sid:84482917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.80.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619816/; classtype:trojan-activity;sid:84482916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.102.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619815/; classtype:trojan-activity;sid:84482915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.214.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619814/; classtype:trojan-activity;sid:84482914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.19.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619813/; classtype:trojan-activity;sid:84482913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.125.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619812/; classtype:trojan-activity;sid:84482912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619811/; classtype:trojan-activity;sid:84482911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619810/; classtype:trojan-activity;sid:84482910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.242.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619809/; classtype:trojan-activity;sid:84482909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.161.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619808/; classtype:trojan-activity;sid:84482908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.117.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619807/; classtype:trojan-activity;sid:84482907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619806)"; flow:established,from_client; content:"GET"; http_method; content:"/1moknpeigb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619806/; classtype:trojan-activity;sid:84482906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619805/; classtype:trojan-activity;sid:84482905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.96.110.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619804/; classtype:trojan-activity;sid:84482904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619803/; classtype:trojan-activity;sid:84482903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.164.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619802/; classtype:trojan-activity;sid:84482902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619801/; classtype:trojan-activity;sid:84482901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619800)"; flow:established,from_client; content:"GET"; http_method; content:"/mqi1030n1o.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619800/; classtype:trojan-activity;sid:84482900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.66.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619799/; classtype:trojan-activity;sid:84482899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.221.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619798/; classtype:trojan-activity;sid:84482898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.188.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619797/; classtype:trojan-activity;sid:84482897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619796)"; flow:established,from_client; content:"GET"; http_method; content:"/iddr/ttt.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619796/; classtype:trojan-activity;sid:84482896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619795/; classtype:trojan-activity;sid:84482895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619794/; classtype:trojan-activity;sid:84482894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.221.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619793/; classtype:trojan-activity;sid:84482893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.15.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619792/; classtype:trojan-activity;sid:84482892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.66.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619791/; classtype:trojan-activity;sid:84482891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619790/; classtype:trojan-activity;sid:84482890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619789/; classtype:trojan-activity;sid:84482889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.19.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619788/; classtype:trojan-activity;sid:84482888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.83.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619787/; classtype:trojan-activity;sid:84482887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.237.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619786/; classtype:trojan-activity;sid:84482886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619782/; classtype:trojan-activity;sid:84482882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619783)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619783/; classtype:trojan-activity;sid:84482883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619784)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619784/; classtype:trojan-activity;sid:84482884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619785/; classtype:trojan-activity;sid:84482885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.252.40.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619780/; classtype:trojan-activity;sid:84482880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.130.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619781/; classtype:trojan-activity;sid:84482881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.146.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619779/; classtype:trojan-activity;sid:84482879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619778/; classtype:trojan-activity;sid:84482878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619776/; classtype:trojan-activity;sid:84482876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.38.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619777/; classtype:trojan-activity;sid:84482877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.178.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619773/; classtype:trojan-activity;sid:84482873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619774/; classtype:trojan-activity;sid:84482874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619775/; classtype:trojan-activity;sid:84482875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619772/; classtype:trojan-activity;sid:84482872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619771/; classtype:trojan-activity;sid:84482871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619770)"; flow:established,from_client; content:"GET"; http_method; content:"/0ef2otwrtg.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619770/; classtype:trojan-activity;sid:84482870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619769/; classtype:trojan-activity;sid:84482869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619768/; classtype:trojan-activity;sid:84482868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.54.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619767/; classtype:trojan-activity;sid:84482867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.237.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619766/; classtype:trojan-activity;sid:84482866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619765/; classtype:trojan-activity;sid:84482865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619764/; classtype:trojan-activity;sid:84482864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.54.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619763/; classtype:trojan-activity;sid:84482863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.83.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619762/; classtype:trojan-activity;sid:84482862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619761)"; flow:established,from_client; content:"GET"; http_method; content:"/fhb26i1p4g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619761/; classtype:trojan-activity;sid:84482861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619760/; classtype:trojan-activity;sid:84482860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619759/; classtype:trojan-activity;sid:84482859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.174.117.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619758/; classtype:trojan-activity;sid:84482858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.7.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619757/; classtype:trojan-activity;sid:84482857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.122.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619756/; classtype:trojan-activity;sid:84482856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619755)"; flow:established,from_client; content:"GET"; http_method; content:"/w63nd4mdyp.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619755/; classtype:trojan-activity;sid:84482855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.7.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619754/; classtype:trojan-activity;sid:84482854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619753)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.184.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619753/; classtype:trojan-activity;sid:84482853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619752/; classtype:trojan-activity;sid:84482852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.114.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619751/; classtype:trojan-activity;sid:84482851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.157.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619750/; classtype:trojan-activity;sid:84482850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.83.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619749/; classtype:trojan-activity;sid:84482849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619747/; classtype:trojan-activity;sid:84482847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.174.117.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619748/; classtype:trojan-activity;sid:84482848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619746/; classtype:trojan-activity;sid:84482846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619745/; classtype:trojan-activity;sid:84482845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.153.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619744/; classtype:trojan-activity;sid:84482844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619743/; classtype:trojan-activity;sid:84482843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619742/; classtype:trojan-activity;sid:84482842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619741/; classtype:trojan-activity;sid:84482841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.252.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619740/; classtype:trojan-activity;sid:84482840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.210.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619739/; classtype:trojan-activity;sid:84482839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619738/; classtype:trojan-activity;sid:84482838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619737)"; flow:established,from_client; content:"GET"; http_method; content:"/l54hi0eght.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619737/; classtype:trojan-activity;sid:84482837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.207.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619736/; classtype:trojan-activity;sid:84482836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619735)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=gja5tmguxn9vkhnzpvpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"pubshierstext.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619735/; classtype:trojan-activity;sid:84482835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619734)"; flow:established,from_client; content:"GET"; http_method; content:"/iddr/123.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619734/; classtype:trojan-activity;sid:84482834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.32.234.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619733/; classtype:trojan-activity;sid:84482833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619732/; classtype:trojan-activity;sid:84482832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.184.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619731/; classtype:trojan-activity;sid:84482831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619730/; classtype:trojan-activity;sid:84482830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.116.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619729/; classtype:trojan-activity;sid:84482829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.207.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619728/; classtype:trojan-activity;sid:84482828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.210.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619727/; classtype:trojan-activity;sid:84482827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619726)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619726/; classtype:trojan-activity;sid:84482826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619725)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619725/; classtype:trojan-activity;sid:84482825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.23.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619724/; classtype:trojan-activity;sid:84482824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.14.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619723/; classtype:trojan-activity;sid:84482823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619722)"; flow:established,from_client; content:"GET"; http_method; content:"/62pj1gc80m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619722/; classtype:trojan-activity;sid:84482822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.32.234.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619721/; classtype:trojan-activity;sid:84482821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.207.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619720/; classtype:trojan-activity;sid:84482820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.184.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619718/; classtype:trojan-activity;sid:84482818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619719/; classtype:trojan-activity;sid:84482819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.160.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619717/; classtype:trojan-activity;sid:84482817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.236.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619716/; classtype:trojan-activity;sid:84482816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.7.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619715/; classtype:trojan-activity;sid:84482815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619714)"; flow:established,from_client; content:"GET"; http_method; content:"/fygntg27qi.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619714/; classtype:trojan-activity;sid:84482814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.157.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619713/; classtype:trojan-activity;sid:84482813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.236.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619712/; classtype:trojan-activity;sid:84482812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.207.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619711/; classtype:trojan-activity;sid:84482811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.154.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619710/; classtype:trojan-activity;sid:84482810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.198.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619708/; classtype:trojan-activity;sid:84482808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619709)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.mpsl"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619709/; classtype:trojan-activity;sid:84482809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619702)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.x86_64"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619702/; classtype:trojan-activity;sid:84482802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619703)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.x86"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619703/; classtype:trojan-activity;sid:84482803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619704)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.sh4"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619704/; classtype:trojan-activity;sid:84482804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619705)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619705/; classtype:trojan-activity;sid:84482805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619706)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm6"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619706/; classtype:trojan-activity;sid:84482806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619707)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.m68k"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619707/; classtype:trojan-activity;sid:84482807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619699)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.ppc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619699/; classtype:trojan-activity;sid:84482799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619700)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm5"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619700/; classtype:trojan-activity;sid:84482800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619701)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.mips"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619701/; classtype:trojan-activity;sid:84482801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619694)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619694/; classtype:trojan-activity;sid:84482794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619695)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619695/; classtype:trojan-activity;sid:84482795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619696)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619696/; classtype:trojan-activity;sid:84482796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619697)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.spc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619697/; classtype:trojan-activity;sid:84482797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619698)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/debug"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619698/; classtype:trojan-activity;sid:84482798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619692)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.arm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619692/; classtype:trojan-activity;sid:84482792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619693)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.mips"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619693/; classtype:trojan-activity;sid:84482793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5055104299/gie613k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619691/; classtype:trojan-activity;sid:84482791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619690)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619690/; classtype:trojan-activity;sid:84482790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619689)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619689/; classtype:trojan-activity;sid:84482789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619687)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.sh4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619687/; classtype:trojan-activity;sid:84482787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619688)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619688/; classtype:trojan-activity;sid:84482788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619685)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.x86"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619685/; classtype:trojan-activity;sid:84482785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619686)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619686/; classtype:trojan-activity;sid:84482786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619675)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.arm5"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619675/; classtype:trojan-activity;sid:84482775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619676)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.arm6"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619676/; classtype:trojan-activity;sid:84482776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619677)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.arm7"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619677/; classtype:trojan-activity;sid:84482777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619678)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.ppc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619678/; classtype:trojan-activity;sid:84482778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619679)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.x86_64"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619679/; classtype:trojan-activity;sid:84482779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619680)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619680/; classtype:trojan-activity;sid:84482780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619681)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.m68k"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619681/; classtype:trojan-activity;sid:84482781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619682)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.arc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619682/; classtype:trojan-activity;sid:84482782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619683)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.85.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619683/; classtype:trojan-activity;sid:84482783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619684)"; flow:established,from_client; content:"GET"; http_method; content:"/secure__vault__2025-09-07t06-00__a9f3d8e2-7b41-4c0f-9c1a/chinga.mpsl"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619684/; classtype:trojan-activity;sid:84482784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619673)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619673/; classtype:trojan-activity;sid:84482773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619674)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619674/; classtype:trojan-activity;sid:84482774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.109.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619672/; classtype:trojan-activity;sid:84482772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.38.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619671/; classtype:trojan-activity;sid:84482771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.154.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619670/; classtype:trojan-activity;sid:84482770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.179.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619669/; classtype:trojan-activity;sid:84482769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.38.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619668/; classtype:trojan-activity;sid:84482768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619667/; classtype:trojan-activity;sid:84482767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619666/; classtype:trojan-activity;sid:84482766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.99.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619665/; classtype:trojan-activity;sid:84482765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.47.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619664/; classtype:trojan-activity;sid:84482764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.115.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619663/; classtype:trojan-activity;sid:84482763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619662/; classtype:trojan-activity;sid:84482762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.47.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619661/; classtype:trojan-activity;sid:84482761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.76.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619660/; classtype:trojan-activity;sid:84482760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619659)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/s8nphvo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619659/; classtype:trojan-activity;sid:84482759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619658/; classtype:trojan-activity;sid:84482758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.28.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619657/; classtype:trojan-activity;sid:84482757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619656)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5394971402/oxnzjsj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619656/; classtype:trojan-activity;sid:84482756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619654)"; flow:established,from_client; content:"GET"; http_method; content:"/crayzy_rd__[vault]__[r4]__node-07__a9f3d8e2-7b41-4c0f-9c1a_xq7lwyek/chinga.arm7"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"196.251.116.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619654/; classtype:trojan-activity;sid:84482754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619655/; classtype:trojan-activity;sid:84482755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.115.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619653/; classtype:trojan-activity;sid:84482753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619652)"; flow:established,from_client; content:"GET"; http_method; content:"/q42so9g6p3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619652/; classtype:trojan-activity;sid:84482752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619651/; classtype:trojan-activity;sid:84482751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619650/; classtype:trojan-activity;sid:84482750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619648/; classtype:trojan-activity;sid:84482748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.28.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619649/; classtype:trojan-activity;sid:84482749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.180.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619647/; classtype:trojan-activity;sid:84482747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.226.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619646/; classtype:trojan-activity;sid:84482746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619645/; classtype:trojan-activity;sid:84482745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.216.41.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619644/; classtype:trojan-activity;sid:84482744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619642/; classtype:trojan-activity;sid:84482742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.83.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619643/; classtype:trojan-activity;sid:84482743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619638/; classtype:trojan-activity;sid:84482738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619639/; classtype:trojan-activity;sid:84482739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619640/; classtype:trojan-activity;sid:84482740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619641/; classtype:trojan-activity;sid:84482741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619637/; classtype:trojan-activity;sid:84482737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619636)"; flow:established,from_client; content:"GET"; http_method; content:"/sedh4t19y4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619636/; classtype:trojan-activity;sid:84482736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619635/; classtype:trojan-activity;sid:84482735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619632/; classtype:trojan-activity;sid:84482732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.252.40.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619633/; classtype:trojan-activity;sid:84482733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619634/; classtype:trojan-activity;sid:84482734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.76.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619631/; classtype:trojan-activity;sid:84482731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619630/; classtype:trojan-activity;sid:84482730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619623/; classtype:trojan-activity;sid:84482723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619624/; classtype:trojan-activity;sid:84482724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619625/; classtype:trojan-activity;sid:84482725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619626/; classtype:trojan-activity;sid:84482726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619627/; classtype:trojan-activity;sid:84482727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619628/; classtype:trojan-activity;sid:84482728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619629/; classtype:trojan-activity;sid:84482729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619622/; classtype:trojan-activity;sid:84482722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619621/; classtype:trojan-activity;sid:84482721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.155.149.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619620/; classtype:trojan-activity;sid:84482720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.180.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619619/; classtype:trojan-activity;sid:84482719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.132.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619618/; classtype:trojan-activity;sid:84482718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.83.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619617/; classtype:trojan-activity;sid:84482717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619616)"; flow:established,from_client; content:"GET"; http_method; content:"/41rb51uyho.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619616/; classtype:trojan-activity;sid:84482716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619615/; classtype:trojan-activity;sid:84482715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619614/; classtype:trojan-activity;sid:84482714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.155.149.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619613/; classtype:trojan-activity;sid:84482713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.108.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619612/; classtype:trojan-activity;sid:84482712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.163.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619611/; classtype:trojan-activity;sid:84482711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.45.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619610/; classtype:trojan-activity;sid:84482710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619609/; classtype:trojan-activity;sid:84482709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619608)"; flow:established,from_client; content:"GET"; http_method; content:"/wb2yl3g18x.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619608/; classtype:trojan-activity;sid:84482708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.123.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619607/; classtype:trojan-activity;sid:84482707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.132.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619606/; classtype:trojan-activity;sid:84482706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619605/; classtype:trojan-activity;sid:84482705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.203.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619604/; classtype:trojan-activity;sid:84482704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.201.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619603/; classtype:trojan-activity;sid:84482703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.119.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619602/; classtype:trojan-activity;sid:84482702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.3.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619601/; classtype:trojan-activity;sid:84482701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.53.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619600/; classtype:trojan-activity;sid:84482700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.19.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619599/; classtype:trojan-activity;sid:84482699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619594/; classtype:trojan-activity;sid:84482694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619595/; classtype:trojan-activity;sid:84482695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619596/; classtype:trojan-activity;sid:84482696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619597/; classtype:trojan-activity;sid:84482697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619598/; classtype:trojan-activity;sid:84482698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619588)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619588/; classtype:trojan-activity;sid:84482688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619589)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619589/; classtype:trojan-activity;sid:84482689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619590)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.153.34.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619590/; classtype:trojan-activity;sid:84482690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619591)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619591/; classtype:trojan-activity;sid:84482691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619592)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.153.34.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619592/; classtype:trojan-activity;sid:84482692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619593)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619593/; classtype:trojan-activity;sid:84482693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619584)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619584/; classtype:trojan-activity;sid:84482684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619585)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619585/; classtype:trojan-activity;sid:84482685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619586)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619586/; classtype:trojan-activity;sid:84482686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619587/; classtype:trojan-activity;sid:84482687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619579)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619579/; classtype:trojan-activity;sid:84482679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619580/; classtype:trojan-activity;sid:84482680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619581)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619581/; classtype:trojan-activity;sid:84482681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619582)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619582/; classtype:trojan-activity;sid:84482682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619583)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619583/; classtype:trojan-activity;sid:84482683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619554)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619554/; classtype:trojan-activity;sid:84482654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619555)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619555/; classtype:trojan-activity;sid:84482655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619556)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619556/; classtype:trojan-activity;sid:84482656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619557)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619557/; classtype:trojan-activity;sid:84482657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619558)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619558/; classtype:trojan-activity;sid:84482658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619559)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619559/; classtype:trojan-activity;sid:84482659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619560/; classtype:trojan-activity;sid:84482660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619561)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619561/; classtype:trojan-activity;sid:84482661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619562)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619562/; classtype:trojan-activity;sid:84482662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619563)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619563/; classtype:trojan-activity;sid:84482663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619564)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619564/; classtype:trojan-activity;sid:84482664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619565)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619565/; classtype:trojan-activity;sid:84482665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619566)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619566/; classtype:trojan-activity;sid:84482666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619567)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619567/; classtype:trojan-activity;sid:84482667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619568)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619568/; classtype:trojan-activity;sid:84482668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619569)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619569/; classtype:trojan-activity;sid:84482669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619570)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619570/; classtype:trojan-activity;sid:84482670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619571)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619571/; classtype:trojan-activity;sid:84482671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619572)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619572/; classtype:trojan-activity;sid:84482672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619573)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619573/; classtype:trojan-activity;sid:84482673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619574)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619574/; classtype:trojan-activity;sid:84482674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619575/; classtype:trojan-activity;sid:84482675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619576)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619576/; classtype:trojan-activity;sid:84482676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619577)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.155.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619577/; classtype:trojan-activity;sid:84482677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619578)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619578/; classtype:trojan-activity;sid:84482678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.209.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619553/; classtype:trojan-activity;sid:84482653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.3.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619552/; classtype:trojan-activity;sid:84482652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619551/; classtype:trojan-activity;sid:84482651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619550/; classtype:trojan-activity;sid:84482650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.10.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619549/; classtype:trojan-activity;sid:84482649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.129.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619548/; classtype:trojan-activity;sid:84482648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619547/; classtype:trojan-activity;sid:84482647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619546)"; flow:established,from_client; content:"GET"; http_method; content:"/a1kvpvsvpa.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619546/; classtype:trojan-activity;sid:84482646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619545/; classtype:trojan-activity;sid:84482645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.223.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619544/; classtype:trojan-activity;sid:84482644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.103.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619542/; classtype:trojan-activity;sid:84482642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.252.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619543/; classtype:trojan-activity;sid:84482643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.10.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619541/; classtype:trojan-activity;sid:84482641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619540)"; flow:established,from_client; content:"GET"; http_method; content:"/5g60dz8ev8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619540/; classtype:trojan-activity;sid:84482640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.142.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619539/; classtype:trojan-activity;sid:84482639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.147.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619538/; classtype:trojan-activity;sid:84482638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.129.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619537/; classtype:trojan-activity;sid:84482637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.33.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619536/; classtype:trojan-activity;sid:84482636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.103.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619535/; classtype:trojan-activity;sid:84482635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.147.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619534/; classtype:trojan-activity;sid:84482634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619533)"; flow:established,from_client; content:"GET"; http_method; content:"/3bsdiv9s66.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sno.pubarey.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619533/; classtype:trojan-activity;sid:84482633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619532/; classtype:trojan-activity;sid:84482632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.142.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619531/; classtype:trojan-activity;sid:84482631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.162.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619530/; classtype:trojan-activity;sid:84482630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.88.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619529/; classtype:trojan-activity;sid:84482629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619528/; classtype:trojan-activity;sid:84482628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619527/; classtype:trojan-activity;sid:84482627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.33.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619526/; classtype:trojan-activity;sid:84482626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.147.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619525/; classtype:trojan-activity;sid:84482625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.66.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619524/; classtype:trojan-activity;sid:84482624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.147.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619523/; classtype:trojan-activity;sid:84482623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.57.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619522/; classtype:trojan-activity;sid:84482622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.88.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619520/; classtype:trojan-activity;sid:84482620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.207.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619521/; classtype:trojan-activity;sid:84482621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.141.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619519/; classtype:trojan-activity;sid:84482619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.29.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619518/; classtype:trojan-activity;sid:84482618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.207.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619517/; classtype:trojan-activity;sid:84482617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619516)"; flow:established,from_client; content:"GET"; http_method; content:"/bijgoad1qo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jl.pubarey.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619516/; classtype:trojan-activity;sid:84482616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619515/; classtype:trojan-activity;sid:84482615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619514/; classtype:trojan-activity;sid:84482614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.98.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619512/; classtype:trojan-activity;sid:84482612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.19.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619513/; classtype:trojan-activity;sid:84482613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619511/; classtype:trojan-activity;sid:84482611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619510)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619510/; classtype:trojan-activity;sid:84482610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.249.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619509/; classtype:trojan-activity;sid:84482609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619508/; classtype:trojan-activity;sid:84482608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619505)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619505/; classtype:trojan-activity;sid:84482605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619506)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619506/; classtype:trojan-activity;sid:84482606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619507)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619507/; classtype:trojan-activity;sid:84482607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.252.40.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619504/; classtype:trojan-activity;sid:84482604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619503/; classtype:trojan-activity;sid:84482603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619501)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619501/; classtype:trojan-activity;sid:84482601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.26.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619502/; classtype:trojan-activity;sid:84482602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619499/; classtype:trojan-activity;sid:84482599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619500)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619500/; classtype:trojan-activity;sid:84482600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.113.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619498/; classtype:trojan-activity;sid:84482598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619496)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"72.60.146.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619496/; classtype:trojan-activity;sid:84482596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619497)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619497/; classtype:trojan-activity;sid:84482597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619494)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619494/; classtype:trojan-activity;sid:84482594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619495)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619495/; classtype:trojan-activity;sid:84482595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619492)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619492/; classtype:trojan-activity;sid:84482592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619493)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619493/; classtype:trojan-activity;sid:84482593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619488)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619488/; classtype:trojan-activity;sid:84482588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619489)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619489/; classtype:trojan-activity;sid:84482589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619490)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.208.197.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619490/; classtype:trojan-activity;sid:84482590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619491)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619491/; classtype:trojan-activity;sid:84482591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619487)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619487/; classtype:trojan-activity;sid:84482587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.57.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619486/; classtype:trojan-activity;sid:84482586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619485/; classtype:trojan-activity;sid:84482585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619484/; classtype:trojan-activity;sid:84482584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619483)"; flow:established,from_client; content:"GET"; http_method; content:"/xtr5xqym8y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mra.teziriy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619483/; classtype:trojan-activity;sid:84482583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619481/; classtype:trojan-activity;sid:84482581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.40.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619482/; classtype:trojan-activity;sid:84482582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619480/; classtype:trojan-activity;sid:84482580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.54.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619479/; classtype:trojan-activity;sid:84482579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619478/; classtype:trojan-activity;sid:84482578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619477/; classtype:trojan-activity;sid:84482577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619476/; classtype:trojan-activity;sid:84482576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619475/; classtype:trojan-activity;sid:84482575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619474/; classtype:trojan-activity;sid:84482574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.12.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619473/; classtype:trojan-activity;sid:84482573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.67.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619472/; classtype:trojan-activity;sid:84482572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619471/; classtype:trojan-activity;sid:84482571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619470)"; flow:established,from_client; content:"GET"; http_method; content:"/9ck7yuhq7p.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mra.teziriy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619470/; classtype:trojan-activity;sid:84482570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.179.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619469/; classtype:trojan-activity;sid:84482569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619468/; classtype:trojan-activity;sid:84482568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619467/; classtype:trojan-activity;sid:84482567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.192.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619466/; classtype:trojan-activity;sid:84482566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619465/; classtype:trojan-activity;sid:84482565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619464/; classtype:trojan-activity;sid:84482564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.181.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619463/; classtype:trojan-activity;sid:84482563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.67.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619462/; classtype:trojan-activity;sid:84482562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.88.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619461/; classtype:trojan-activity;sid:84482561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.192.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619460/; classtype:trojan-activity;sid:84482560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619459)"; flow:established,from_client; content:"GET"; http_method; content:"/oa5uelbck7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mra.teziriy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619459/; classtype:trojan-activity;sid:84482559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619458/; classtype:trojan-activity;sid:84482558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.173.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619457/; classtype:trojan-activity;sid:84482557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.103.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619456/; classtype:trojan-activity;sid:84482556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619455/; classtype:trojan-activity;sid:84482555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.88.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619454/; classtype:trojan-activity;sid:84482554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.204.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619452/; classtype:trojan-activity;sid:84482552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.43.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619453/; classtype:trojan-activity;sid:84482553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.12.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619451/; classtype:trojan-activity;sid:84482551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.19.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619450/; classtype:trojan-activity;sid:84482550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619449)"; flow:established,from_client; content:"GET"; http_method; content:"/ypc7knpbdf.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pk.teziriy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619449/; classtype:trojan-activity;sid:84482549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.20.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619448/; classtype:trojan-activity;sid:84482548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619447/; classtype:trojan-activity;sid:84482547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619445)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619445/; classtype:trojan-activity;sid:84482545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619446)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619446/; classtype:trojan-activity;sid:84482546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619444)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619444/; classtype:trojan-activity;sid:84482544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619436)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619436/; classtype:trojan-activity;sid:84482536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619437)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619437/; classtype:trojan-activity;sid:84482537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619438)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619438/; classtype:trojan-activity;sid:84482538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619439)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619439/; classtype:trojan-activity;sid:84482539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619440)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619440/; classtype:trojan-activity;sid:84482540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619441)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619441/; classtype:trojan-activity;sid:84482541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619442)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619442/; classtype:trojan-activity;sid:84482542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619443)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619443/; classtype:trojan-activity;sid:84482543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.19.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619435/; classtype:trojan-activity;sid:84482535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.248.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619434/; classtype:trojan-activity;sid:84482534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619433)"; flow:established,from_client; content:"GET"; http_method; content:"/31nijlrb87.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pk.teziriy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619433/; classtype:trojan-activity;sid:84482533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.119.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619432/; classtype:trojan-activity;sid:84482532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.20.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619431/; classtype:trojan-activity;sid:84482531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619430/; classtype:trojan-activity;sid:84482530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619429/; classtype:trojan-activity;sid:84482529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619428)"; flow:established,from_client; content:"GET"; http_method; content:"/2g4tsl1h8y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zom.tyjyxie.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619428/; classtype:trojan-activity;sid:84482528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.90.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619427/; classtype:trojan-activity;sid:84482527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.20.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619426/; classtype:trojan-activity;sid:84482526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.248.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619425/; classtype:trojan-activity;sid:84482525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619424)"; flow:established,from_client; content:"GET"; http_method; content:"/c3xuq8oftj.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zom.tyjyxie.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619424/; classtype:trojan-activity;sid:84482524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.206.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619423/; classtype:trojan-activity;sid:84482523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.170.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619422/; classtype:trojan-activity;sid:84482522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619421)"; flow:established,from_client; content:"GET"; http_method; content:"/nzluzunwq7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zom.tyjyxie.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619421/; classtype:trojan-activity;sid:84482521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.20.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619420/; classtype:trojan-activity;sid:84482520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.174.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619419/; classtype:trojan-activity;sid:84482519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.142.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619418/; classtype:trojan-activity;sid:84482518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619417)"; flow:established,from_client; content:"GET"; http_method; content:"/r26nuqzrnm.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.tyjyxie.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619417/; classtype:trojan-activity;sid:84482517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619416/; classtype:trojan-activity;sid:84482516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.206.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619415/; classtype:trojan-activity;sid:84482515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.242.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619414/; classtype:trojan-activity;sid:84482514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.3.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619412/; classtype:trojan-activity;sid:84482512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.174.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619413/; classtype:trojan-activity;sid:84482513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619411)"; flow:established,from_client; content:"GET"; http_method; content:"/vbhr6t4x8y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hs.tyjyxie.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619411/; classtype:trojan-activity;sid:84482511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.226.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619410/; classtype:trojan-activity;sid:84482510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619409/; classtype:trojan-activity;sid:84482509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.73.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619408/; classtype:trojan-activity;sid:84482508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.3.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619407/; classtype:trojan-activity;sid:84482507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.170.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619406/; classtype:trojan-activity;sid:84482506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619405/; classtype:trojan-activity;sid:84482505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.73.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619404/; classtype:trojan-activity;sid:84482504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.244.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619403/; classtype:trojan-activity;sid:84482503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.244.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619402/; classtype:trojan-activity;sid:84482502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.234.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619401/; classtype:trojan-activity;sid:84482501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.170.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619400/; classtype:trojan-activity;sid:84482500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.156.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619399/; classtype:trojan-activity;sid:84482499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.34.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619398/; classtype:trojan-activity;sid:84482498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.5.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619397/; classtype:trojan-activity;sid:84482497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.234.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619396/; classtype:trojan-activity;sid:84482496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.190.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619395/; classtype:trojan-activity;sid:84482495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.203.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619394/; classtype:trojan-activity;sid:84482494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.249.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619393/; classtype:trojan-activity;sid:84482493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.249.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619392/; classtype:trojan-activity;sid:84482492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619391/; classtype:trojan-activity;sid:84482491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.65.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619390/; classtype:trojan-activity;sid:84482490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.122.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619389/; classtype:trojan-activity;sid:84482489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.208.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619388/; classtype:trojan-activity;sid:84482488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619387/; classtype:trojan-activity;sid:84482487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.156.228.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619386/; classtype:trojan-activity;sid:84482486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619385/; classtype:trojan-activity;sid:84482485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619383)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619383/; classtype:trojan-activity;sid:84482483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619384)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619384/; classtype:trojan-activity;sid:84482484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619381)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619381/; classtype:trojan-activity;sid:84482481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619382)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619382/; classtype:trojan-activity;sid:84482482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619380)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619380/; classtype:trojan-activity;sid:84482480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619379)"; flow:established,from_client; content:"GET"; http_method; content:"/zfg.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adapadske.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619379/; classtype:trojan-activity;sid:84482479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619378/; classtype:trojan-activity;sid:84482478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619377/; classtype:trojan-activity;sid:84482477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.240.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619374/; classtype:trojan-activity;sid:84482474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.52.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619375/; classtype:trojan-activity;sid:84482475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.52.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619376/; classtype:trojan-activity;sid:84482476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.96.108.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619372/; classtype:trojan-activity;sid:84482472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.101.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619373/; classtype:trojan-activity;sid:84482473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619370/; classtype:trojan-activity;sid:84482470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619371/; classtype:trojan-activity;sid:84482471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.40.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619369/; classtype:trojan-activity;sid:84482469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619368/; classtype:trojan-activity;sid:84482468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619367/; classtype:trojan-activity;sid:84482467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.38.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619366/; classtype:trojan-activity;sid:84482466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619365)"; flow:established,from_client; content:"GET"; http_method; content:"/rnit7x29q8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vru.xapomyo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619365/; classtype:trojan-activity;sid:84482465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.65.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619364/; classtype:trojan-activity;sid:84482464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.40.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619363/; classtype:trojan-activity;sid:84482463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.38.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619362/; classtype:trojan-activity;sid:84482462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.129.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619361/; classtype:trojan-activity;sid:84482461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619360)"; flow:established,from_client; content:"GET"; http_method; content:"/csv3763dau.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qn.xapomyo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619360/; classtype:trojan-activity;sid:84482460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.227.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619359/; classtype:trojan-activity;sid:84482459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.43.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619358/; classtype:trojan-activity;sid:84482458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.12.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619357/; classtype:trojan-activity;sid:84482457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619356)"; flow:established,from_client; content:"GET"; http_method; content:"/script.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619356/; classtype:trojan-activity;sid:84482456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619355)"; flow:established,from_client; content:"GET"; http_method; content:"/0qvgqxvdj0get5v.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619355/; classtype:trojan-activity;sid:84482455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619354)"; flow:established,from_client; content:"GET"; http_method; content:"/gqxv0lvdget5vj0.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619354/; classtype:trojan-activity;sid:84482454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619353)"; flow:established,from_client; content:"GET"; http_method; content:"/fsc2u3iojcbsqxy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619353/; classtype:trojan-activity;sid:84482453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619352)"; flow:established,from_client; content:"GET"; http_method; content:"/psr27lb7wr.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qn.xapomyo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619352/; classtype:trojan-activity;sid:84482452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.129.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619351/; classtype:trojan-activity;sid:84482451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.43.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619350/; classtype:trojan-activity;sid:84482450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619349)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619349/; classtype:trojan-activity;sid:84482449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.227.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619348/; classtype:trojan-activity;sid:84482448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619347)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619347/; classtype:trojan-activity;sid:84482447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.122.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619346/; classtype:trojan-activity;sid:84482446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619344)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619344/; classtype:trojan-activity;sid:84482444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619345)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619345/; classtype:trojan-activity;sid:84482445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619343)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619343/; classtype:trojan-activity;sid:84482443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619339)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619339/; classtype:trojan-activity;sid:84482439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619340)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619340/; classtype:trojan-activity;sid:84482440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619341)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619341/; classtype:trojan-activity;sid:84482441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619342)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619342/; classtype:trojan-activity;sid:84482442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619334)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619334/; classtype:trojan-activity;sid:84482434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619335)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619335/; classtype:trojan-activity;sid:84482435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619336)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619336/; classtype:trojan-activity;sid:84482436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619337)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619337/; classtype:trojan-activity;sid:84482437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619338)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619338/; classtype:trojan-activity;sid:84482438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619333)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619333/; classtype:trojan-activity;sid:84482433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619321)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619321/; classtype:trojan-activity;sid:84482421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619322)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619322/; classtype:trojan-activity;sid:84482422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619323)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619323/; classtype:trojan-activity;sid:84482423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619324)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619324/; classtype:trojan-activity;sid:84482424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619325)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619325/; classtype:trojan-activity;sid:84482425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619326)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619326/; classtype:trojan-activity;sid:84482426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619327)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619327/; classtype:trojan-activity;sid:84482427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619328)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619328/; classtype:trojan-activity;sid:84482428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619329)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619329/; classtype:trojan-activity;sid:84482429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619330)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619330/; classtype:trojan-activity;sid:84482430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619331)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619331/; classtype:trojan-activity;sid:84482431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619332)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619332/; classtype:trojan-activity;sid:84482432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619320)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619320/; classtype:trojan-activity;sid:84482420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619316)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619316/; classtype:trojan-activity;sid:84482416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619317)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619317/; classtype:trojan-activity;sid:84482417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619318)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619318/; classtype:trojan-activity;sid:84482418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619319)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619319/; classtype:trojan-activity;sid:84482419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619309)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619309/; classtype:trojan-activity;sid:84482409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619310)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619310/; classtype:trojan-activity;sid:84482410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619311)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619311/; classtype:trojan-activity;sid:84482411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619312)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619312/; classtype:trojan-activity;sid:84482412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619313)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619313/; classtype:trojan-activity;sid:84482413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619314)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619314/; classtype:trojan-activity;sid:84482414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619315)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619315/; classtype:trojan-activity;sid:84482415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619307)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619307/; classtype:trojan-activity;sid:84482407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619308)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619308/; classtype:trojan-activity;sid:84482408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619306)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619306/; classtype:trojan-activity;sid:84482406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619303)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619303/; classtype:trojan-activity;sid:84482403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619304)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619304/; classtype:trojan-activity;sid:84482404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619305)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mclighthouse.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619305/; classtype:trojan-activity;sid:84482405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619302)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619302/; classtype:trojan-activity;sid:84482402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619301/; classtype:trojan-activity;sid:84482401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619291)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619291/; classtype:trojan-activity;sid:84482391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619292)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619292/; classtype:trojan-activity;sid:84482392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619293)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619293/; classtype:trojan-activity;sid:84482393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619294)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619294/; classtype:trojan-activity;sid:84482394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619295)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619295/; classtype:trojan-activity;sid:84482395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619296)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619296/; classtype:trojan-activity;sid:84482396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619297)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619297/; classtype:trojan-activity;sid:84482397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619298)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619298/; classtype:trojan-activity;sid:84482398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619299)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619299/; classtype:trojan-activity;sid:84482399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619300)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619300/; classtype:trojan-activity;sid:84482400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619290)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619290/; classtype:trojan-activity;sid:84482390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619289)"; flow:established,from_client; content:"GET"; http_method; content:"/n/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619289/; classtype:trojan-activity;sid:84482389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619288)"; flow:established,from_client; content:"GET"; http_method; content:"/n/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619288/; classtype:trojan-activity;sid:84482388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619287)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.powerpc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619287/; classtype:trojan-activity;sid:84482387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619284)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619284/; classtype:trojan-activity;sid:84482384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619285)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619285/; classtype:trojan-activity;sid:84482385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619286)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619286/; classtype:trojan-activity;sid:84482386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619279)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619279/; classtype:trojan-activity;sid:84482379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619280)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.powerpc-440fp"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619280/; classtype:trojan-activity;sid:84482380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619281)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619281/; classtype:trojan-activity;sid:84482381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619282)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619282/; classtype:trojan-activity;sid:84482382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619283)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619283/; classtype:trojan-activity;sid:84482383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619278)"; flow:established,from_client; content:"GET"; http_method; content:"/n/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619278/; classtype:trojan-activity;sid:84482378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619277)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.89.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619277/; classtype:trojan-activity;sid:84482377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619275)"; flow:established,from_client; content:"GET"; http_method; content:"/n/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619275/; classtype:trojan-activity;sid:84482375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619276)"; flow:established,from_client; content:"GET"; http_method; content:"/n/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619276/; classtype:trojan-activity;sid:84482376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619273)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619273/; classtype:trojan-activity;sid:84482373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619274)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.154.80.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619274/; classtype:trojan-activity;sid:84482374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619271)"; flow:established,from_client; content:"GET"; http_method; content:"/zy.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.198.234.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619271/; classtype:trojan-activity;sid:84482371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619272)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619272/; classtype:trojan-activity;sid:84482372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619270)"; flow:established,from_client; content:"GET"; http_method; content:"/files/603413648/ehrkkzb.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619270/; classtype:trojan-activity;sid:84482370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619268)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8037988884/5xuzykc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619268/; classtype:trojan-activity;sid:84482368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619269)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5055104299/134cuhl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619269/; classtype:trojan-activity;sid:84482369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619267/; classtype:trojan-activity;sid:84482367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.122.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619266/; classtype:trojan-activity;sid:84482366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619265/; classtype:trojan-activity;sid:84482365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.220.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619264/; classtype:trojan-activity;sid:84482364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619263)"; flow:established,from_client; content:"GET"; http_method; content:"/c43badrvhk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qn.xapomyo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619263/; classtype:trojan-activity;sid:84482363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.69.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619262/; classtype:trojan-activity;sid:84482362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.7.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619261/; classtype:trojan-activity;sid:84482361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619260)"; flow:established,from_client; content:"GET"; http_method; content:"/r5e47svdgm.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qn.xapomyo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619260/; classtype:trojan-activity;sid:84482360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.73.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619259/; classtype:trojan-activity;sid:84482359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619258/; classtype:trojan-activity;sid:84482358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.7.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619257/; classtype:trojan-activity;sid:84482357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.65.186.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619256/; classtype:trojan-activity;sid:84482356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.99.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619255/; classtype:trojan-activity;sid:84482355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619254/; classtype:trojan-activity;sid:84482354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.73.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619253/; classtype:trojan-activity;sid:84482353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619252/; classtype:trojan-activity;sid:84482352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.7.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619251/; classtype:trojan-activity;sid:84482351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619250)"; flow:established,from_client; content:"GET"; http_method; content:"/2yp0njmuoy.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qn.xapomyo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619250/; classtype:trojan-activity;sid:84482350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.101.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619249/; classtype:trojan-activity;sid:84482349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.101.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619248/; classtype:trojan-activity;sid:84482348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.247.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619247/; classtype:trojan-activity;sid:84482347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.106.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619246/; classtype:trojan-activity;sid:84482346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.234.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619245/; classtype:trojan-activity;sid:84482345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.106.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619244/; classtype:trojan-activity;sid:84482344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619243/; classtype:trojan-activity;sid:84482343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.38.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619242/; classtype:trojan-activity;sid:84482342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619241/; classtype:trojan-activity;sid:84482341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619240)"; flow:established,from_client; content:"GET"; http_method; content:"/h3dv7iv9oj.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tz.vikidii.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619240/; classtype:trojan-activity;sid:84482340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.23.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619239/; classtype:trojan-activity;sid:84482339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619238/; classtype:trojan-activity;sid:84482338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.38.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619237/; classtype:trojan-activity;sid:84482337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.23.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619236/; classtype:trojan-activity;sid:84482336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619235/; classtype:trojan-activity;sid:84482335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619234)"; flow:established,from_client; content:"GET"; http_method; content:"/zchefm6php.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tz.vikidii.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619234/; classtype:trojan-activity;sid:84482334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.247.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619233/; classtype:trojan-activity;sid:84482333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619232)"; flow:established,from_client; content:"GET"; http_method; content:"/pqvio66mm8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tz.vikidii.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619232/; classtype:trojan-activity;sid:84482332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.199.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619231/; classtype:trojan-activity;sid:84482331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.55.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619230/; classtype:trojan-activity;sid:84482330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619229/; classtype:trojan-activity;sid:84482329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.199.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619228/; classtype:trojan-activity;sid:84482328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.76.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619227/; classtype:trojan-activity;sid:84482327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.140.163.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619226/; classtype:trojan-activity;sid:84482326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.15.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619225/; classtype:trojan-activity;sid:84482325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.43.100.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619222/; classtype:trojan-activity;sid:84482322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619223/; classtype:trojan-activity;sid:84482323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.198.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619224/; classtype:trojan-activity;sid:84482324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.140.163.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619220/; classtype:trojan-activity;sid:84482320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.110.36.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619221/; classtype:trojan-activity;sid:84482321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619219/; classtype:trojan-activity;sid:84482319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619218/; classtype:trojan-activity;sid:84482318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619217/; classtype:trojan-activity;sid:84482317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.67.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619216/; classtype:trojan-activity;sid:84482316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.110.36.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619215/; classtype:trojan-activity;sid:84482315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619214/; classtype:trojan-activity;sid:84482314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619213/; classtype:trojan-activity;sid:84482313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619212/; classtype:trojan-activity;sid:84482312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619211/; classtype:trojan-activity;sid:84482311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619210/; classtype:trojan-activity;sid:84482310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.155.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619209/; classtype:trojan-activity;sid:84482309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619208/; classtype:trojan-activity;sid:84482308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.64.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619207/; classtype:trojan-activity;sid:84482307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.43.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619206/; classtype:trojan-activity;sid:84482306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619205/; classtype:trojan-activity;sid:84482305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.160.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619204/; classtype:trojan-activity;sid:84482304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619203/; classtype:trojan-activity;sid:84482303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.76.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619202/; classtype:trojan-activity;sid:84482302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.177.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619201/; classtype:trojan-activity;sid:84482301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619200/; classtype:trojan-activity;sid:84482300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.142.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619199/; classtype:trojan-activity;sid:84482299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619198)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619198/; classtype:trojan-activity;sid:84482298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619197)"; flow:established,from_client; content:"GET"; http_method; content:"/6326h6nn52.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619197/; classtype:trojan-activity;sid:84482297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.64.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619196/; classtype:trojan-activity;sid:84482296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619195)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619195/; classtype:trojan-activity;sid:84482295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619185)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619185/; classtype:trojan-activity;sid:84482285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619186)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619186/; classtype:trojan-activity;sid:84482286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619187)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619187/; classtype:trojan-activity;sid:84482287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.93.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619188/; classtype:trojan-activity;sid:84482288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619189)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619189/; classtype:trojan-activity;sid:84482289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619190)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619190/; classtype:trojan-activity;sid:84482290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619191)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619191/; classtype:trojan-activity;sid:84482291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619192/; classtype:trojan-activity;sid:84482292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619193/; classtype:trojan-activity;sid:84482293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619194)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619194/; classtype:trojan-activity;sid:84482294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619174)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619174/; classtype:trojan-activity;sid:84482274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619175)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619175/; classtype:trojan-activity;sid:84482275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619176)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619176/; classtype:trojan-activity;sid:84482276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619177)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619177/; classtype:trojan-activity;sid:84482277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619178)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619178/; classtype:trojan-activity;sid:84482278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619179/; classtype:trojan-activity;sid:84482279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619180)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619180/; classtype:trojan-activity;sid:84482280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619181/; classtype:trojan-activity;sid:84482281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619182/; classtype:trojan-activity;sid:84482282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619183)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619183/; classtype:trojan-activity;sid:84482283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619184)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619184/; classtype:trojan-activity;sid:84482284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.181.187.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619167/; classtype:trojan-activity;sid:84482267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619168/; classtype:trojan-activity;sid:84482268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619169/; classtype:trojan-activity;sid:84482269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619170)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619170/; classtype:trojan-activity;sid:84482270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619171)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619171/; classtype:trojan-activity;sid:84482271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619172)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619172/; classtype:trojan-activity;sid:84482272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619173)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.84.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619173/; classtype:trojan-activity;sid:84482273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.160.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619166/; classtype:trojan-activity;sid:84482266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619165/; classtype:trojan-activity;sid:84482265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619164/; classtype:trojan-activity;sid:84482264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.182.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619163/; classtype:trojan-activity;sid:84482263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.94.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619162/; classtype:trojan-activity;sid:84482262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619161/; classtype:trojan-activity;sid:84482261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619160)"; flow:established,from_client; content:"GET"; http_method; content:"/4ak7onss4m.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619160/; classtype:trojan-activity;sid:84482260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.182.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619159/; classtype:trojan-activity;sid:84482259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619158/; classtype:trojan-activity;sid:84482258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619157/; classtype:trojan-activity;sid:84482257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.94.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619156/; classtype:trojan-activity;sid:84482256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619155/; classtype:trojan-activity;sid:84482255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.95.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619154/; classtype:trojan-activity;sid:84482254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.35.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619153/; classtype:trojan-activity;sid:84482253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619152)"; flow:established,from_client; content:"GET"; http_method; content:"/625fb3zvjx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619152/; classtype:trojan-activity;sid:84482252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619151/; classtype:trojan-activity;sid:84482251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.142.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619150/; classtype:trojan-activity;sid:84482250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.158.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619149/; classtype:trojan-activity;sid:84482249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619148/; classtype:trojan-activity;sid:84482248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.77.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619147/; classtype:trojan-activity;sid:84482247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.23.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619146/; classtype:trojan-activity;sid:84482246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619145/; classtype:trojan-activity;sid:84482245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.142.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619144/; classtype:trojan-activity;sid:84482244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.178.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619143/; classtype:trojan-activity;sid:84482243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619142/; classtype:trojan-activity;sid:84482242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.213.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619141/; classtype:trojan-activity;sid:84482241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.21.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619140/; classtype:trojan-activity;sid:84482240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619139/; classtype:trojan-activity;sid:84482239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.51.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619138/; classtype:trojan-activity;sid:84482238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.178.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619137/; classtype:trojan-activity;sid:84482237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619136/; classtype:trojan-activity;sid:84482236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.104.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619135/; classtype:trojan-activity;sid:84482235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.104.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619134/; classtype:trojan-activity;sid:84482234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.217.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619133/; classtype:trojan-activity;sid:84482233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619132)"; flow:established,from_client; content:"GET"; http_method; content:"/x19uxeew7f.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619132/; classtype:trojan-activity;sid:84482232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.104.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619131/; classtype:trojan-activity;sid:84482231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.106.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619130/; classtype:trojan-activity;sid:84482230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.213.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619129/; classtype:trojan-activity;sid:84482229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619128/; classtype:trojan-activity;sid:84482228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.104.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619127/; classtype:trojan-activity;sid:84482227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.217.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619126/; classtype:trojan-activity;sid:84482226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619125/; classtype:trojan-activity;sid:84482225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.109.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619124/; classtype:trojan-activity;sid:84482224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.179.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619123/; classtype:trojan-activity;sid:84482223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619122/; classtype:trojan-activity;sid:84482222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.39.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619121/; classtype:trojan-activity;sid:84482221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.133.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619120/; classtype:trojan-activity;sid:84482220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619119)"; flow:established,from_client; content:"GET"; http_method; content:"/dq1dtvwkcs.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619119/; classtype:trojan-activity;sid:84482219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.175.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619118/; classtype:trojan-activity;sid:84482218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.139.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619117/; classtype:trojan-activity;sid:84482217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619116/; classtype:trojan-activity;sid:84482216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.109.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619115/; classtype:trojan-activity;sid:84482215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619114)"; flow:established,from_client; content:"GET"; http_method; content:"/app_win/random.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619114/; classtype:trojan-activity;sid:84482214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619113)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8283443171/ltrpirr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619113/; classtype:trojan-activity;sid:84482213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619112)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5968325780/oxyukcz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619112/; classtype:trojan-activity;sid:84482212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619111)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8283443171/zh5z3ok.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619111/; classtype:trojan-activity;sid:84482211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.133.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619110/; classtype:trojan-activity;sid:84482210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619109)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619109/; classtype:trojan-activity;sid:84482209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619108/; classtype:trojan-activity;sid:84482208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619107)"; flow:established,from_client; content:"GET"; http_method; content:"/dicc3exag9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619107/; classtype:trojan-activity;sid:84482207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.139.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619106/; classtype:trojan-activity;sid:84482206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.30.196.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619105/; classtype:trojan-activity;sid:84482205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619104/; classtype:trojan-activity;sid:84482204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.158.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619103/; classtype:trojan-activity;sid:84482203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.196.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619102/; classtype:trojan-activity;sid:84482202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619098/; classtype:trojan-activity;sid:84482198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619099/; classtype:trojan-activity;sid:84482199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619100/; classtype:trojan-activity;sid:84482200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.76.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619101/; classtype:trojan-activity;sid:84482201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619097)"; flow:established,from_client; content:"GET"; http_method; content:"/rbpoew8l49.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dr.hulenao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619097/; classtype:trojan-activity;sid:84482197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619096)"; flow:established,from_client; content:"GET"; http_method; content:"/q0s2028tpd.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gri.cyzukae.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619096/; classtype:trojan-activity;sid:84482196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.241.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619095/; classtype:trojan-activity;sid:84482195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619094/; classtype:trojan-activity;sid:84482194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.241.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619093/; classtype:trojan-activity;sid:84482193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619092)"; flow:established,from_client; content:"GET"; http_method; content:"/f57xgrupk2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gri.cyzukae.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619092/; classtype:trojan-activity;sid:84482192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.165.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619091/; classtype:trojan-activity;sid:84482191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619090/; classtype:trojan-activity;sid:84482190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.5.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619089/; classtype:trojan-activity;sid:84482189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619088/; classtype:trojan-activity;sid:84482188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619087)"; flow:established,from_client; content:"GET"; http_method; content:"/glmplthawb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vm.cyzukae.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619087/; classtype:trojan-activity;sid:84482187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619086/; classtype:trojan-activity;sid:84482186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619085)"; flow:established,from_client; content:"GET"; http_method; content:"/dlthqtzjo4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kal.biryquo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619085/; classtype:trojan-activity;sid:84482185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619084/; classtype:trojan-activity;sid:84482184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.165.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619083/; classtype:trojan-activity;sid:84482183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.5.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619082/; classtype:trojan-activity;sid:84482182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619081/; classtype:trojan-activity;sid:84482181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.74.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619080/; classtype:trojan-activity;sid:84482180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.77.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619079/; classtype:trojan-activity;sid:84482179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619078/; classtype:trojan-activity;sid:84482178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.13.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619077/; classtype:trojan-activity;sid:84482177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619076/; classtype:trojan-activity;sid:84482176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.25.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619074/; classtype:trojan-activity;sid:84482174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.25.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619075/; classtype:trojan-activity;sid:84482175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.142.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619073/; classtype:trojan-activity;sid:84482173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619072/; classtype:trojan-activity;sid:84482172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.25.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619071/; classtype:trojan-activity;sid:84482171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.55.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619070/; classtype:trojan-activity;sid:84482170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.142.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619068/; classtype:trojan-activity;sid:84482168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619069/; classtype:trojan-activity;sid:84482169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.25.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619067/; classtype:trojan-activity;sid:84482167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.32.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619066/; classtype:trojan-activity;sid:84482166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.132.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619065/; classtype:trojan-activity;sid:84482165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.57.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619064/; classtype:trojan-activity;sid:84482164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.55.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619063/; classtype:trojan-activity;sid:84482163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619062/; classtype:trojan-activity;sid:84482162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619061)"; flow:established,from_client; content:"GET"; http_method; content:"/6x9uowvyyx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vra.fokymeu.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619061/; classtype:trojan-activity;sid:84482161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.97.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619060/; classtype:trojan-activity;sid:84482160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.74.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619059/; classtype:trojan-activity;sid:84482159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.1.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619058/; classtype:trojan-activity;sid:84482158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.32.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619057/; classtype:trojan-activity;sid:84482157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.18.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619056/; classtype:trojan-activity;sid:84482156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619055/; classtype:trojan-activity;sid:84482155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.97.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619054/; classtype:trojan-activity;sid:84482154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619053)"; flow:established,from_client; content:"GET"; http_method; content:"/mc1niw0dju.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dk.fokymeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619053/; classtype:trojan-activity;sid:84482153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619052/; classtype:trojan-activity;sid:84482152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619051)"; flow:established,from_client; content:"GET"; http_method; content:"/kqkck9zeb8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dk.fokymeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619051/; classtype:trojan-activity;sid:84482151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619050/; classtype:trojan-activity;sid:84482150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.57.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619049/; classtype:trojan-activity;sid:84482149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619048/; classtype:trojan-activity;sid:84482148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.196.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619047/; classtype:trojan-activity;sid:84482147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619046)"; flow:established,from_client; content:"GET"; http_method; content:"/1jinmx0c4v.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dk.fokymeu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619046/; classtype:trojan-activity;sid:84482146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619044)"; flow:established,from_client; content:"GET"; http_method; content:"/ban.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619044/; classtype:trojan-activity;sid:84482144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619045)"; flow:established,from_client; content:"GET"; http_method; content:"/start.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619045/; classtype:trojan-activity;sid:84482145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619043)"; flow:established,from_client; content:"GET"; http_method; content:"/arb.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619043/; classtype:trojan-activity;sid:84482143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619041)"; flow:established,from_client; content:"GET"; http_method; content:"/load.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619041/; classtype:trojan-activity;sid:84482141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619042)"; flow:established,from_client; content:"GET"; http_method; content:"/de/ihre%20bestellung%20de-o09989a1.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619042/; classtype:trojan-activity;sid:84482142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619040)"; flow:established,from_client; content:"GET"; http_method; content:"/job.wsf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.182.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619040/; classtype:trojan-activity;sid:84482140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619039)"; flow:established,from_client; content:"GET"; http_method; content:"/unimed.corporation/unimed.document/unimed.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"181.224.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619039/; classtype:trojan-activity;sid:84482139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619038/; classtype:trojan-activity;sid:84482138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619034)"; flow:established,from_client; content:"GET"; http_method; content:"/ingra/ingra.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"unimed-corporation.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619034/; classtype:trojan-activity;sid:84482134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619035)"; flow:established,from_client; content:"GET"; http_method; content:"/unimed.corporation/unimed.bat"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"181.224.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619035/; classtype:trojan-activity;sid:84482135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619036)"; flow:established,from_client; content:"GET"; http_method; content:"/n/ingra.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"unimed-corporation.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619036/; classtype:trojan-activity;sid:84482136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619037)"; flow:established,from_client; content:"GET"; http_method; content:"/unimed.corporation/unimed.document/www.unimednacionale.coop/rooming%20list%20unimed%20corporation.pdf%20adobe%20reader%20%2853%20kb%29%2elnk"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"181.224.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619037/; classtype:trojan-activity;sid:84482137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619033)"; flow:established,from_client; content:"GET"; http_method; content:"/documento.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"office-service-cdt.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619033/; classtype:trojan-activity;sid:84482133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.42.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619032/; classtype:trojan-activity;sid:84482132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619031/; classtype:trojan-activity;sid:84482131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619029/; classtype:trojan-activity;sid:84482129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.23.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619030/; classtype:trojan-activity;sid:84482130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619028/; classtype:trojan-activity;sid:84482128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619027)"; flow:established,from_client; content:"GET"; http_method; content:"/v4lpanbxxp.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"peu.dygyliy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619027/; classtype:trojan-activity;sid:84482127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619025/; classtype:trojan-activity;sid:84482125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619026/; classtype:trojan-activity;sid:84482126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.out"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619024/; classtype:trojan-activity;sid:84482124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619023)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619023/; classtype:trojan-activity;sid:84482123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619021/; classtype:trojan-activity;sid:84482121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619022/; classtype:trojan-activity;sid:84482122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619004/; classtype:trojan-activity;sid:84482104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619005)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.73.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619005/; classtype:trojan-activity;sid:84482105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619006)"; flow:established,from_client; content:"GET"; http_method; content:"/busy.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619006/; classtype:trojan-activity;sid:84482106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619007)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619007/; classtype:trojan-activity;sid:84482107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619008/; classtype:trojan-activity;sid:84482108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619009/; classtype:trojan-activity;sid:84482109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619010/; classtype:trojan-activity;sid:84482110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619011/; classtype:trojan-activity;sid:84482111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619012)"; flow:established,from_client; content:"GET"; http_method; content:"/fff.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.73.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619012/; classtype:trojan-activity;sid:84482112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619013/; classtype:trojan-activity;sid:84482113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619014/; classtype:trojan-activity;sid:84482114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619015/; classtype:trojan-activity;sid:84482115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619016/; classtype:trojan-activity;sid:84482116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619017/; classtype:trojan-activity;sid:84482117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619018/; classtype:trojan-activity;sid:84482118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619019/; classtype:trojan-activity;sid:84482119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619020/; classtype:trojan-activity;sid:84482120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618997)"; flow:established,from_client; content:"GET"; http_method; content:"/fff.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618997/; classtype:trojan-activity;sid:84482097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618998/; classtype:trojan-activity;sid:84482098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618999/; classtype:trojan-activity;sid:84482099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619000)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619000/; classtype:trojan-activity;sid:84482100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619001/; classtype:trojan-activity;sid:84482101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619002)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619002/; classtype:trojan-activity;sid:84482102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3619003/; classtype:trojan-activity;sid:84482103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618995/; classtype:trojan-activity;sid:84482095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618996/; classtype:trojan-activity;sid:84482096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618992/; classtype:trojan-activity;sid:84482092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618993/; classtype:trojan-activity;sid:84482093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618994/; classtype:trojan-activity;sid:84482094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618985/; classtype:trojan-activity;sid:84482085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618986/; classtype:trojan-activity;sid:84482086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618987/; classtype:trojan-activity;sid:84482087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.x86_32"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618988/; classtype:trojan-activity;sid:84482088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618989/; classtype:trojan-activity;sid:84482089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618990/; classtype:trojan-activity;sid:84482090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618991)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618991/; classtype:trojan-activity;sid:84482091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618982/; classtype:trojan-activity;sid:84482082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618983/; classtype:trojan-activity;sid:84482083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618984/; classtype:trojan-activity;sid:84482084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618971/; classtype:trojan-activity;sid:84482071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618972/; classtype:trojan-activity;sid:84482072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_32"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618973/; classtype:trojan-activity;sid:84482073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618974/; classtype:trojan-activity;sid:84482074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618975/; classtype:trojan-activity;sid:84482075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618976/; classtype:trojan-activity;sid:84482076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618977/; classtype:trojan-activity;sid:84482077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618978/; classtype:trojan-activity;sid:84482078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618979)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618979/; classtype:trojan-activity;sid:84482079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618980)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618980/; classtype:trojan-activity;sid:84482080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618981/; classtype:trojan-activity;sid:84482081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618965)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.73.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618965/; classtype:trojan-activity;sid:84482065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618966/; classtype:trojan-activity;sid:84482066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618967/; classtype:trojan-activity;sid:84482067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618968/; classtype:trojan-activity;sid:84482068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618969)"; flow:established,from_client; content:"GET"; http_method; content:"/zatoempire.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618969/; classtype:trojan-activity;sid:84482069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618970)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618970/; classtype:trojan-activity;sid:84482070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618962)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618962/; classtype:trojan-activity;sid:84482062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618963)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618963/; classtype:trojan-activity;sid:84482063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618964)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618964/; classtype:trojan-activity;sid:84482064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618960/; classtype:trojan-activity;sid:84482060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618961/; classtype:trojan-activity;sid:84482061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618957/; classtype:trojan-activity;sid:84482057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618958/; classtype:trojan-activity;sid:84482058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618959/; classtype:trojan-activity;sid:84482059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618951/; classtype:trojan-activity;sid:84482051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618952/; classtype:trojan-activity;sid:84482052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618953/; classtype:trojan-activity;sid:84482053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618954/; classtype:trojan-activity;sid:84482054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618955/; classtype:trojan-activity;sid:84482055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618956/; classtype:trojan-activity;sid:84482056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618940/; classtype:trojan-activity;sid:84482040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618941/; classtype:trojan-activity;sid:84482041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618942/; classtype:trojan-activity;sid:84482042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618943/; classtype:trojan-activity;sid:84482043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618944)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618944/; classtype:trojan-activity;sid:84482044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618945/; classtype:trojan-activity;sid:84482045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618946/; classtype:trojan-activity;sid:84482046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618947)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618947/; classtype:trojan-activity;sid:84482047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618948/; classtype:trojan-activity;sid:84482048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618949/; classtype:trojan-activity;sid:84482049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618950/; classtype:trojan-activity;sid:84482050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618932/; classtype:trojan-activity;sid:84482032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618933/; classtype:trojan-activity;sid:84482033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618934/; classtype:trojan-activity;sid:84482034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618935/; classtype:trojan-activity;sid:84482035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618936/; classtype:trojan-activity;sid:84482036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618937)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618937/; classtype:trojan-activity;sid:84482037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618938/; classtype:trojan-activity;sid:84482038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618939)"; flow:established,from_client; content:"GET"; http_method; content:"/busy.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618939/; classtype:trojan-activity;sid:84482039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618931/; classtype:trojan-activity;sid:84482031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618930/; classtype:trojan-activity;sid:84482030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618926/; classtype:trojan-activity;sid:84482026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618927/; classtype:trojan-activity;sid:84482027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618928/; classtype:trojan-activity;sid:84482028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618929/; classtype:trojan-activity;sid:84482029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618906/; classtype:trojan-activity;sid:84482006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618907/; classtype:trojan-activity;sid:84482007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618908)"; flow:established,from_client; content:"GET"; http_method; content:"/busy.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618908/; classtype:trojan-activity;sid:84482008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618909)"; flow:established,from_client; content:"GET"; http_method; content:"/fff.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618909/; classtype:trojan-activity;sid:84482009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618910/; classtype:trojan-activity;sid:84482010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618911/; classtype:trojan-activity;sid:84482011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618912)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618912/; classtype:trojan-activity;sid:84482012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618913/; classtype:trojan-activity;sid:84482013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618914/; classtype:trojan-activity;sid:84482014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618915/; classtype:trojan-activity;sid:84482015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618916/; classtype:trojan-activity;sid:84482016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618917)"; flow:established,from_client; content:"GET"; http_method; content:"/rt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618917/; classtype:trojan-activity;sid:84482017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618918)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618918/; classtype:trojan-activity;sid:84482018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618919/; classtype:trojan-activity;sid:84482019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618920)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618920/; classtype:trojan-activity;sid:84482020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618921/; classtype:trojan-activity;sid:84482021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618922)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618922/; classtype:trojan-activity;sid:84482022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618923/; classtype:trojan-activity;sid:84482023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618924)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618924/; classtype:trojan-activity;sid:84482024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618925/; classtype:trojan-activity;sid:84482025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618904/; classtype:trojan-activity;sid:84482004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618905/; classtype:trojan-activity;sid:84482005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618902/; classtype:trojan-activity;sid:84482002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.out"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618903/; classtype:trojan-activity;sid:84482003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618901/; classtype:trojan-activity;sid:84482001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618872/; classtype:trojan-activity;sid:84481972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618873/; classtype:trojan-activity;sid:84481973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618874/; classtype:trojan-activity;sid:84481974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618875)"; flow:established,from_client; content:"GET"; http_method; content:"/busy.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.73.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618875/; classtype:trojan-activity;sid:84481975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618876)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618876/; classtype:trojan-activity;sid:84481976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618877/; classtype:trojan-activity;sid:84481977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618878/; classtype:trojan-activity;sid:84481978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618879/; classtype:trojan-activity;sid:84481979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618880/; classtype:trojan-activity;sid:84481980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618881/; classtype:trojan-activity;sid:84481981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618882)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618882/; classtype:trojan-activity;sid:84481982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618883/; classtype:trojan-activity;sid:84481983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618884)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618884/; classtype:trojan-activity;sid:84481984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618885)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618885/; classtype:trojan-activity;sid:84481985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618886/; classtype:trojan-activity;sid:84481986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bindpagos.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618887/; classtype:trojan-activity;sid:84481987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618888/; classtype:trojan-activity;sid:84481988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618889)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.gloubhoumyayfo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618889/; classtype:trojan-activity;sid:84481989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618890)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618890/; classtype:trojan-activity;sid:84481990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618891)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618891/; classtype:trojan-activity;sid:84481991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618892/; classtype:trojan-activity;sid:84481992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618893)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618893/; classtype:trojan-activity;sid:84481993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618894)"; flow:established,from_client; content:"GET"; http_method; content:"/fff.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.wiyeanamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618894/; classtype:trojan-activity;sid:84481994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618895)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roraffle.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618895/; classtype:trojan-activity;sid:84481995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.x86_32"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618896/; classtype:trojan-activity;sid:84481996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h3x.pro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618897/; classtype:trojan-activity;sid:84481997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.249.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618898/; classtype:trojan-activity;sid:84481998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618899/; classtype:trojan-activity;sid:84481999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2202507289248365122.bestsrv.de"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618900/; classtype:trojan-activity;sid:84482000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618871/; classtype:trojan-activity;sid:84481971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/palacsintafemboy.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ficksau.work.gd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618870/; classtype:trojan-activity;sid:84481970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618869/; classtype:trojan-activity;sid:84481969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618866/; classtype:trojan-activity;sid:84481966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618867/; classtype:trojan-activity;sid:84481967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.78.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618868/; classtype:trojan-activity;sid:84481968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.54.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618864/; classtype:trojan-activity;sid:84481964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.42.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618865/; classtype:trojan-activity;sid:84481965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618863)"; flow:established,from_client; content:"GET"; http_method; content:"/95084q5z2u.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"peu.dygyliy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618863/; classtype:trojan-activity;sid:84481963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618861)"; flow:established,from_client; content:"GET"; http_method; content:"/arb.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"britney-dollar-brass-mat.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618861/; classtype:trojan-activity;sid:84481961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618862)"; flow:established,from_client; content:"GET"; http_method; content:"/pso5jzc7qy.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ms.dygyliy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618862/; classtype:trojan-activity;sid:84481962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618860)"; flow:established,from_client; content:"GET"; http_method; content:"/arb.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"40.160.230.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618860/; classtype:trojan-activity;sid:84481960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618859)"; flow:established,from_client; content:"GET"; http_method; content:"/mas.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"40.160.230.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618859/; classtype:trojan-activity;sid:84481959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618858)"; flow:established,from_client; content:"GET"; http_method; content:"/mas.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"britney-dollar-brass-mat.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618858/; classtype:trojan-activity;sid:84481958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618853)"; flow:established,from_client; content:"GET"; http_method; content:"/bill.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"britney-dollar-brass-mat.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618853/; classtype:trojan-activity;sid:84481953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618854)"; flow:established,from_client; content:"GET"; http_method; content:"/start.cmd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"britney-dollar-brass-mat.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618854/; classtype:trojan-activity;sid:84481954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618855)"; flow:established,from_client; content:"GET"; http_method; content:"/start.cmd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"40.160.230.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618855/; classtype:trojan-activity;sid:84481955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618856)"; flow:established,from_client; content:"GET"; http_method; content:"/bill.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"40.160.230.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618856/; classtype:trojan-activity;sid:84481956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618857)"; flow:established,from_client; content:"GET"; http_method; content:"/bill.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"40.160.230.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618857/; classtype:trojan-activity;sid:84481957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618852)"; flow:established,from_client; content:"GET"; http_method; content:"/bill.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"britney-dollar-brass-mat.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618852/; classtype:trojan-activity;sid:84481952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.136.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618851/; classtype:trojan-activity;sid:84481951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618850)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.134.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618850/; classtype:trojan-activity;sid:84481950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618849)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618849/; classtype:trojan-activity;sid:84481949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618846)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.82.81.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618846/; classtype:trojan-activity;sid:84481946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618847)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.207.178.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618847/; classtype:trojan-activity;sid:84481947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618848)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.24.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618848/; classtype:trojan-activity;sid:84481948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618845)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.134.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618845/; classtype:trojan-activity;sid:84481945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.241.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618844/; classtype:trojan-activity;sid:84481944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.155.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618843/; classtype:trojan-activity;sid:84481943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.160.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618836/; classtype:trojan-activity;sid:84481936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.115.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618837/; classtype:trojan-activity;sid:84481937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.90.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618838/; classtype:trojan-activity;sid:84481938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618839)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.191.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618839/; classtype:trojan-activity;sid:84481939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.41.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618840/; classtype:trojan-activity;sid:84481940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618841)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.180.249.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618841/; classtype:trojan-activity;sid:84481941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618842)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.149.239.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618842/; classtype:trojan-activity;sid:84481942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.215.199.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618831/; classtype:trojan-activity;sid:84481931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618832)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.163.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618832/; classtype:trojan-activity;sid:84481932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.139.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618833/; classtype:trojan-activity;sid:84481933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.130.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618834/; classtype:trojan-activity;sid:84481934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.51.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618835/; classtype:trojan-activity;sid:84481935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618830)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.162.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618830/; classtype:trojan-activity;sid:84481930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.247.121.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618828/; classtype:trojan-activity;sid:84481928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.0.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618829/; classtype:trojan-activity;sid:84481929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.77.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618826/; classtype:trojan-activity;sid:84481926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.35.211.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618827/; classtype:trojan-activity;sid:84481927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618825)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.179.166.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618825/; classtype:trojan-activity;sid:84481925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618824/; classtype:trojan-activity;sid:84481924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618823/; classtype:trojan-activity;sid:84481923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.189.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618822/; classtype:trojan-activity;sid:84481922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618821)"; flow:established,from_client; content:"GET"; http_method; content:"/pqgjprek4h.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ms.dygyliy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618821/; classtype:trojan-activity;sid:84481921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618820/; classtype:trojan-activity;sid:84481920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618819)"; flow:established,from_client; content:"GET"; http_method; content:"/v71j2k5kew.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"klo.xevenyu.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618819/; classtype:trojan-activity;sid:84481919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618818/; classtype:trojan-activity;sid:84481918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.192.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618817/; classtype:trojan-activity;sid:84481917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618816)"; flow:established,from_client; content:"GET"; http_method; content:"/86nuv0etxr.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vz.xevenyu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618816/; classtype:trojan-activity;sid:84481916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618815/; classtype:trojan-activity;sid:84481915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618814/; classtype:trojan-activity;sid:84481914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618813)"; flow:established,from_client; content:"GET"; http_method; content:"/6k200d18q1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"laj.tigelie.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618813/; classtype:trojan-activity;sid:84481913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618812/; classtype:trojan-activity;sid:84481912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.241.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618811/; classtype:trojan-activity;sid:84481911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618810/; classtype:trojan-activity;sid:84481910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618808/; classtype:trojan-activity;sid:84481908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618809/; classtype:trojan-activity;sid:84481909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.83.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618807/; classtype:trojan-activity;sid:84481907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618806)"; flow:established,from_client; content:"GET"; http_method; content:"/62a07963031b17c6/arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.196.10.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618806/; classtype:trojan-activity;sid:84481906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618803/; classtype:trojan-activity;sid:84481903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618804/; classtype:trojan-activity;sid:84481904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618805/; classtype:trojan-activity;sid:84481905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618802/; classtype:trojan-activity;sid:84481902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618801)"; flow:established,from_client; content:"GET"; http_method; content:"/23ukfmj1ad.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rc.tigelie.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618801/; classtype:trojan-activity;sid:84481901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618800)"; flow:established,from_client; content:"GET"; http_method; content:"/1j1k6tnb3y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rc.tigelie.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618800/; classtype:trojan-activity;sid:84481900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618799/; classtype:trojan-activity;sid:84481899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.252.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618798/; classtype:trojan-activity;sid:84481898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618797/; classtype:trojan-activity;sid:84481897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.105.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618796/; classtype:trojan-activity;sid:84481896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.98.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618795/; classtype:trojan-activity;sid:84481895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618794/; classtype:trojan-activity;sid:84481894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.215.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618793/; classtype:trojan-activity;sid:84481893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.252.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618792/; classtype:trojan-activity;sid:84481892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618791)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.34.139.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618791/; classtype:trojan-activity;sid:84481891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.102.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618790/; classtype:trojan-activity;sid:84481890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.30.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618789/; classtype:trojan-activity;sid:84481889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.123.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618787/; classtype:trojan-activity;sid:84481887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.105.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618788/; classtype:trojan-activity;sid:84481888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.215.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618786/; classtype:trojan-activity;sid:84481886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618785/; classtype:trojan-activity;sid:84481885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.11.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618784/; classtype:trojan-activity;sid:84481884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.224.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618783/; classtype:trojan-activity;sid:84481883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618782)"; flow:established,from_client; content:"GET"; http_method; content:"/5py1p8i1ih.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tme.hicymui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618782/; classtype:trojan-activity;sid:84481882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618781)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/svchosts.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.163.119.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618781/; classtype:trojan-activity;sid:84481881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618780)"; flow:established,from_client; content:"GET"; http_method; content:"/tea"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618780/; classtype:trojan-activity;sid:84481880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618771)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618771/; classtype:trojan-activity;sid:84481871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618772)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618772/; classtype:trojan-activity;sid:84481872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618773)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618773/; classtype:trojan-activity;sid:84481873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618774)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618774/; classtype:trojan-activity;sid:84481874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618775)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618775/; classtype:trojan-activity;sid:84481875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618776)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618776/; classtype:trojan-activity;sid:84481876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618777)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618777/; classtype:trojan-activity;sid:84481877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618778)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618778/; classtype:trojan-activity;sid:84481878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618779)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618779/; classtype:trojan-activity;sid:84481879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618758)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618758/; classtype:trojan-activity;sid:84481858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618759)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618759/; classtype:trojan-activity;sid:84481859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618760)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618760/; classtype:trojan-activity;sid:84481860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618761)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618761/; classtype:trojan-activity;sid:84481861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618762)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618762/; classtype:trojan-activity;sid:84481862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618763/; classtype:trojan-activity;sid:84481863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618764)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618764/; classtype:trojan-activity;sid:84481864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618765)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618765/; classtype:trojan-activity;sid:84481865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618766)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618766/; classtype:trojan-activity;sid:84481866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618767)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618767/; classtype:trojan-activity;sid:84481867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618768)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618768/; classtype:trojan-activity;sid:84481868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618769)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.191.243.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618769/; classtype:trojan-activity;sid:84481869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618757)"; flow:established,from_client; content:"GET"; http_method; content:"/q"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618757/; classtype:trojan-activity;sid:84481857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618753)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.61.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618753/; classtype:trojan-activity;sid:84481853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618754)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"163.61.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618754/; classtype:trojan-activity;sid:84481854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618755)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"163.61.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618755/; classtype:trojan-activity;sid:84481855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618756)"; flow:established,from_client; content:"GET"; http_method; content:"/tvt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"163.61.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618756/; classtype:trojan-activity;sid:84481856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618750)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618750/; classtype:trojan-activity;sid:84481850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618751)"; flow:established,from_client; content:"GET"; http_method; content:"/tbk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618751/; classtype:trojan-activity;sid:84481851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618752)"; flow:established,from_client; content:"GET"; http_method; content:"/tvt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618752/; classtype:trojan-activity;sid:84481852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.104.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618749/; classtype:trojan-activity;sid:84481849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.152.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618747/; classtype:trojan-activity;sid:84481847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.45.75.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618748/; classtype:trojan-activity;sid:84481848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.179.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618746/; classtype:trojan-activity;sid:84481846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.177.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618745/; classtype:trojan-activity;sid:84481845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.11.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618744/; classtype:trojan-activity;sid:84481844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.152.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618743/; classtype:trojan-activity;sid:84481843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.104.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618742/; classtype:trojan-activity;sid:84481842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618741)"; flow:established,from_client; content:"GET"; http_method; content:"/qq3nj9mp2o.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tme.hicymui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618741/; classtype:trojan-activity;sid:84481841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.45.75.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618739/; classtype:trojan-activity;sid:84481839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618740)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618740/; classtype:trojan-activity;sid:84481840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618734)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618734/; classtype:trojan-activity;sid:84481834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618735)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618735/; classtype:trojan-activity;sid:84481835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618736)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618736/; classtype:trojan-activity;sid:84481836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618737)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618737/; classtype:trojan-activity;sid:84481837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618738)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618738/; classtype:trojan-activity;sid:84481838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618733)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618733/; classtype:trojan-activity;sid:84481833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618732)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618732/; classtype:trojan-activity;sid:84481832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618731/; classtype:trojan-activity;sid:84481831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.158.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618730/; classtype:trojan-activity;sid:84481830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.9.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618729/; classtype:trojan-activity;sid:84481829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.9.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618728/; classtype:trojan-activity;sid:84481828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618727)"; flow:established,from_client; content:"GET"; http_method; content:"/%20"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618727/; classtype:trojan-activity;sid:84481827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618725)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618725/; classtype:trojan-activity;sid:84481825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618726)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618726/; classtype:trojan-activity;sid:84481826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618724)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618724/; classtype:trojan-activity;sid:84481824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618717)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618717/; classtype:trojan-activity;sid:84481817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618718)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618718/; classtype:trojan-activity;sid:84481818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618719)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618719/; classtype:trojan-activity;sid:84481819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618720)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618720/; classtype:trojan-activity;sid:84481820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618721)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618721/; classtype:trojan-activity;sid:84481821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618722)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618722/; classtype:trojan-activity;sid:84481822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618723)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618723/; classtype:trojan-activity;sid:84481823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618716)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evelynnrank1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618716/; classtype:trojan-activity;sid:84481816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618706)"; flow:established,from_client; content:"GET"; http_method; content:"/n5lkr0i23g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tme.hicymui.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618706/; classtype:trojan-activity;sid:84481806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618707)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618707/; classtype:trojan-activity;sid:84481807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618708)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618708/; classtype:trojan-activity;sid:84481808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618709)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618709/; classtype:trojan-activity;sid:84481809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618710)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618710/; classtype:trojan-activity;sid:84481810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618711)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618711/; classtype:trojan-activity;sid:84481811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618712)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618712/; classtype:trojan-activity;sid:84481812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618713)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618713/; classtype:trojan-activity;sid:84481813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618714)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618714/; classtype:trojan-activity;sid:84481814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618715)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618715/; classtype:trojan-activity;sid:84481815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618705)"; flow:established,from_client; content:"GET"; http_method; content:"/17tpul0m07.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qv.hicymui.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618705/; classtype:trojan-activity;sid:84481805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618704/; classtype:trojan-activity;sid:84481804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618689)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618689/; classtype:trojan-activity;sid:84481789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618690)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618690/; classtype:trojan-activity;sid:84481790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618691/; classtype:trojan-activity;sid:84481791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618692)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618692/; classtype:trojan-activity;sid:84481792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618693)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618693/; classtype:trojan-activity;sid:84481793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618694)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618694/; classtype:trojan-activity;sid:84481794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618695)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618695/; classtype:trojan-activity;sid:84481795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618696)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618696/; classtype:trojan-activity;sid:84481796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618697)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618697/; classtype:trojan-activity;sid:84481797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618698)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618698/; classtype:trojan-activity;sid:84481798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618699)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618699/; classtype:trojan-activity;sid:84481799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618700)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.79.126.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618700/; classtype:trojan-activity;sid:84481800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618701)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618701/; classtype:trojan-activity;sid:84481801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618702)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618702/; classtype:trojan-activity;sid:84481802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618703)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"142.54.160.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618703/; classtype:trojan-activity;sid:84481803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618688)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618688/; classtype:trojan-activity;sid:84481788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.177.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618687/; classtype:trojan-activity;sid:84481787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618686/; classtype:trojan-activity;sid:84481786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618685)"; flow:established,from_client; content:"GET"; http_method; content:"/63m40mjq83.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tku.rowe6yi5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618685/; classtype:trojan-activity;sid:84481785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.85.164.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618684/; classtype:trojan-activity;sid:84481784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618683/; classtype:trojan-activity;sid:84481783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.143.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618682/; classtype:trojan-activity;sid:84481782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.177.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618681/; classtype:trojan-activity;sid:84481781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.161.176.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618680/; classtype:trojan-activity;sid:84481780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.21.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618679/; classtype:trojan-activity;sid:84481779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.176.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618678/; classtype:trojan-activity;sid:84481778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.143.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618677/; classtype:trojan-activity;sid:84481777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.164.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618676/; classtype:trojan-activity;sid:84481776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618675)"; flow:established,from_client; content:"GET"; http_method; content:"/5vgtyy30ec.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mgi.kelu0yo5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618675/; classtype:trojan-activity;sid:84481775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618673)"; flow:established,from_client; content:"GET"; http_method; content:"/router.zyxel.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618673/; classtype:trojan-activity;sid:84481773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618674/; classtype:trojan-activity;sid:84481774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/router.tplink.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618662/; classtype:trojan-activity;sid:84481762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618663/; classtype:trojan-activity;sid:84481763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618664/; classtype:trojan-activity;sid:84481764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.armv5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618665/; classtype:trojan-activity;sid:84481765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/router.zyxel.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618666/; classtype:trojan-activity;sid:84481766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618667/; classtype:trojan-activity;sid:84481767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618668/; classtype:trojan-activity;sid:84481768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ipcam.tplink.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618669/; classtype:trojan-activity;sid:84481769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618670/; classtype:trojan-activity;sid:84481770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.armv6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618671/; classtype:trojan-activity;sid:84481771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618672)"; flow:established,from_client; content:"GET"; http_method; content:"/ipcam.tplink.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618672/; classtype:trojan-activity;sid:84481772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kitty.armv7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618660/; classtype:trojan-activity;sid:84481760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618661)"; flow:established,from_client; content:"GET"; http_method; content:"/router.tplink.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"66.78.40.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618661/; classtype:trojan-activity;sid:84481761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618659/; classtype:trojan-activity;sid:84481759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.88.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618658/; classtype:trojan-activity;sid:84481758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.42.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618657/; classtype:trojan-activity;sid:84481757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.172.138.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618656/; classtype:trojan-activity;sid:84481756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.72.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618655/; classtype:trojan-activity;sid:84481755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.175.0.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618654/; classtype:trojan-activity;sid:84481754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.98.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618653/; classtype:trojan-activity;sid:84481753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618652/; classtype:trojan-activity;sid:84481752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.167.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618651/; classtype:trojan-activity;sid:84481751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618650)"; flow:established,from_client; content:"GET"; http_method; content:"/3arz7m7r6s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.kelu0yo5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618650/; classtype:trojan-activity;sid:84481750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.191.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618649/; classtype:trojan-activity;sid:84481749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618648/; classtype:trojan-activity;sid:84481748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.43.100.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618647/; classtype:trojan-activity;sid:84481747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.73.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618646/; classtype:trojan-activity;sid:84481746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.175.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618645/; classtype:trojan-activity;sid:84481745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618644)"; flow:established,from_client; content:"GET"; http_method; content:"/i00ea64jhd.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.kelu0yo5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618644/; classtype:trojan-activity;sid:84481744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.23.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618643/; classtype:trojan-activity;sid:84481743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618642/; classtype:trojan-activity;sid:84481742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.191.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618641/; classtype:trojan-activity;sid:84481741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618640/; classtype:trojan-activity;sid:84481740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.1.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618639/; classtype:trojan-activity;sid:84481739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.73.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618638/; classtype:trojan-activity;sid:84481738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618637/; classtype:trojan-activity;sid:84481737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618636/; classtype:trojan-activity;sid:84481736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.23.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618635/; classtype:trojan-activity;sid:84481735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618634)"; flow:established,from_client; content:"GET"; http_method; content:"/files/603413648/b0syqpo.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618634/; classtype:trojan-activity;sid:84481734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618633)"; flow:established,from_client; content:"GET"; http_method; content:"/files/119349381/nlizu0l.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618633/; classtype:trojan-activity;sid:84481733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618632/; classtype:trojan-activity;sid:84481732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618631/; classtype:trojan-activity;sid:84481731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618630)"; flow:established,from_client; content:"GET"; http_method; content:"/647r5aihbk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zu.kelu0yo5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618630/; classtype:trojan-activity;sid:84481730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.124.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618629/; classtype:trojan-activity;sid:84481729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618627/; classtype:trojan-activity;sid:84481727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618628/; classtype:trojan-activity;sid:84481728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.192.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618625/; classtype:trojan-activity;sid:84481725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.232.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618626/; classtype:trojan-activity;sid:84481726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618624/; classtype:trojan-activity;sid:84481724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618623/; classtype:trojan-activity;sid:84481723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.71.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618622/; classtype:trojan-activity;sid:84481722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.124.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618621/; classtype:trojan-activity;sid:84481721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.86.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618620/; classtype:trojan-activity;sid:84481720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618617/; classtype:trojan-activity;sid:84481717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618618/; classtype:trojan-activity;sid:84481718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618619/; classtype:trojan-activity;sid:84481719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618615/; classtype:trojan-activity;sid:84481715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618616/; classtype:trojan-activity;sid:84481716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618609/; classtype:trojan-activity;sid:84481709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618610/; classtype:trojan-activity;sid:84481710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618611/; classtype:trojan-activity;sid:84481711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618612/; classtype:trojan-activity;sid:84481712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618613/; classtype:trojan-activity;sid:84481713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618614/; classtype:trojan-activity;sid:84481714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618595/; classtype:trojan-activity;sid:84481695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618596/; classtype:trojan-activity;sid:84481696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618597/; classtype:trojan-activity;sid:84481697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618598/; classtype:trojan-activity;sid:84481698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618599/; classtype:trojan-activity;sid:84481699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618600/; classtype:trojan-activity;sid:84481700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618601/; classtype:trojan-activity;sid:84481701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618602/; classtype:trojan-activity;sid:84481702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618603/; classtype:trojan-activity;sid:84481703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618604/; classtype:trojan-activity;sid:84481704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618605/; classtype:trojan-activity;sid:84481705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618606)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618606/; classtype:trojan-activity;sid:84481706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618607)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618607/; classtype:trojan-activity;sid:84481707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618608/; classtype:trojan-activity;sid:84481708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618593/; classtype:trojan-activity;sid:84481693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618594/; classtype:trojan-activity;sid:84481694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618592)"; flow:established,from_client; content:"GET"; http_method; content:"/l1pklqed0y.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hqo.pewi2ee5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618592/; classtype:trojan-activity;sid:84481692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618591/; classtype:trojan-activity;sid:84481691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618590/; classtype:trojan-activity;sid:84481690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618589)"; flow:established,from_client; content:"GET"; http_method; content:"/sheuzmye5u.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"va.pewi2ee5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618589/; classtype:trojan-activity;sid:84481689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.86.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618588/; classtype:trojan-activity;sid:84481688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.41.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618587/; classtype:trojan-activity;sid:84481687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.223.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618586/; classtype:trojan-activity;sid:84481686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.41.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618585/; classtype:trojan-activity;sid:84481685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618584/; classtype:trojan-activity;sid:84481684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.92.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618583/; classtype:trojan-activity;sid:84481683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.223.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618582/; classtype:trojan-activity;sid:84481682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618581/; classtype:trojan-activity;sid:84481681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.7.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618580/; classtype:trojan-activity;sid:84481680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.250.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618579/; classtype:trojan-activity;sid:84481679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.193.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618578/; classtype:trojan-activity;sid:84481678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618577)"; flow:established,from_client; content:"GET"; http_method; content:"/t3vx6x31bn.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pqe.nyho0io9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618577/; classtype:trojan-activity;sid:84481677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.193.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618576/; classtype:trojan-activity;sid:84481676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618575)"; flow:established,from_client; content:"GET"; http_method; content:"/ucgw8ibzsp.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618575/; classtype:trojan-activity;sid:84481675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.7.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618574/; classtype:trojan-activity;sid:84481674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618573/; classtype:trojan-activity;sid:84481673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.193.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618572/; classtype:trojan-activity;sid:84481672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.198.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618570/; classtype:trojan-activity;sid:84481670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618571/; classtype:trojan-activity;sid:84481671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.193.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618569/; classtype:trojan-activity;sid:84481669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618568/; classtype:trojan-activity;sid:84481668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.154.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618566/; classtype:trojan-activity;sid:84481666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618567)"; flow:established,from_client; content:"GET"; http_method; content:"/xej2i9noqk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618567/; classtype:trojan-activity;sid:84481667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618565/; classtype:trojan-activity;sid:84481665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618564/; classtype:trojan-activity;sid:84481664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.193.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618563/; classtype:trojan-activity;sid:84481663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618562/; classtype:trojan-activity;sid:84481662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.198.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618561/; classtype:trojan-activity;sid:84481661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618560)"; flow:established,from_client; content:"GET"; http_method; content:"/2zh2nflu8p.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618560/; classtype:trojan-activity;sid:84481660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618559/; classtype:trojan-activity;sid:84481659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.176.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618558/; classtype:trojan-activity;sid:84481658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618557/; classtype:trojan-activity;sid:84481657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618556)"; flow:established,from_client; content:"GET"; http_method; content:"/nrwvf1wb78.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618556/; classtype:trojan-activity;sid:84481656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.57.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618555/; classtype:trojan-activity;sid:84481655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5968325780/oxyukcz.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618554/; classtype:trojan-activity;sid:84481654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.177.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618553/; classtype:trojan-activity;sid:84481653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.176.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618552/; classtype:trojan-activity;sid:84481652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618551/; classtype:trojan-activity;sid:84481651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.144.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618550/; classtype:trojan-activity;sid:84481650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.193.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618549/; classtype:trojan-activity;sid:84481649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.91.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618548/; classtype:trojan-activity;sid:84481648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618547)"; flow:established,from_client; content:"GET"; http_method; content:"/1w8vnd71eo.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618547/; classtype:trojan-activity;sid:84481647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618546/; classtype:trojan-activity;sid:84481646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.192.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618544/; classtype:trojan-activity;sid:84481644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.193.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618545/; classtype:trojan-activity;sid:84481645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.86.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618543/; classtype:trojan-activity;sid:84481643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618542/; classtype:trojan-activity;sid:84481642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.57.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618541/; classtype:trojan-activity;sid:84481641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.103.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618540/; classtype:trojan-activity;sid:84481640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.231.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618539/; classtype:trojan-activity;sid:84481639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618538)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.29.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618538/; classtype:trojan-activity;sid:84481638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.244.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618537/; classtype:trojan-activity;sid:84481637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618536)"; flow:established,from_client; content:"GET"; http_method; content:"/2hgsxswl6e.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ks.nyho0io9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618536/; classtype:trojan-activity;sid:84481636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618535/; classtype:trojan-activity;sid:84481635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618534/; classtype:trojan-activity;sid:84481634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.11.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618533/; classtype:trojan-activity;sid:84481633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.221.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618532/; classtype:trojan-activity;sid:84481632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.191.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618531/; classtype:trojan-activity;sid:84481631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.241.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618530/; classtype:trojan-activity;sid:84481630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.79.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618529/; classtype:trojan-activity;sid:84481629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.90.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618528/; classtype:trojan-activity;sid:84481628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.24.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618527/; classtype:trojan-activity;sid:84481627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.11.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618526/; classtype:trojan-activity;sid:84481626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.4.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618525/; classtype:trojan-activity;sid:84481625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618524)"; flow:established,from_client; content:"GET"; http_method; content:"/h9ueh6uzeh.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618524/; classtype:trojan-activity;sid:84481624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618523/; classtype:trojan-activity;sid:84481623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.90.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618522/; classtype:trojan-activity;sid:84481622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.241.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618521/; classtype:trojan-activity;sid:84481621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.173.21.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618520/; classtype:trojan-activity;sid:84481620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618519/; classtype:trojan-activity;sid:84481619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.102.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618518/; classtype:trojan-activity;sid:84481618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618517/; classtype:trojan-activity;sid:84481617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.62.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618516/; classtype:trojan-activity;sid:84481616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.24.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618515/; classtype:trojan-activity;sid:84481615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618514)"; flow:established,from_client; content:"GET"; http_method; content:"/x2xuz0uvc8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618514/; classtype:trojan-activity;sid:84481614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.4.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618513/; classtype:trojan-activity;sid:84481613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618512/; classtype:trojan-activity;sid:84481612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.173.21.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618511/; classtype:trojan-activity;sid:84481611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618510)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618510/; classtype:trojan-activity;sid:84481610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.54.62.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618509/; classtype:trojan-activity;sid:84481609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.179.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618508/; classtype:trojan-activity;sid:84481608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.141.233.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618507/; classtype:trojan-activity;sid:84481607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618506/; classtype:trojan-activity;sid:84481606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.102.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618504/; classtype:trojan-activity;sid:84481604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618505/; classtype:trojan-activity;sid:84481605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.240.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618503/; classtype:trojan-activity;sid:84481603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.88.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618502/; classtype:trojan-activity;sid:84481602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.213.156.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618501/; classtype:trojan-activity;sid:84481601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618500/; classtype:trojan-activity;sid:84481600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.54.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618499/; classtype:trojan-activity;sid:84481599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618498)"; flow:established,from_client; content:"GET"; http_method; content:"/io1wq0jqia.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618498/; classtype:trojan-activity;sid:84481598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.219.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618497/; classtype:trojan-activity;sid:84481597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.169.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618496/; classtype:trojan-activity;sid:84481596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.172.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618495/; classtype:trojan-activity;sid:84481595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618494/; classtype:trojan-activity;sid:84481594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.51.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618493/; classtype:trojan-activity;sid:84481593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.104.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618492/; classtype:trojan-activity;sid:84481592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.106.231.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618491/; classtype:trojan-activity;sid:84481591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618490)"; flow:established,from_client; content:"GET"; http_method; content:"/zxoi3vmkax.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618490/; classtype:trojan-activity;sid:84481590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.172.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618489/; classtype:trojan-activity;sid:84481589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618488/; classtype:trojan-activity;sid:84481588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.134.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618487/; classtype:trojan-activity;sid:84481587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618486)"; flow:established,from_client; content:"GET"; http_method; content:"/0a0csm4ju2.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618486/; classtype:trojan-activity;sid:84481586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618485/; classtype:trojan-activity;sid:84481585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618484/; classtype:trojan-activity;sid:84481584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618483)"; flow:established,from_client; content:"GET"; http_method; content:"/beba.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618483/; classtype:trojan-activity;sid:84481583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618480/; classtype:trojan-activity;sid:84481580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618481)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618481/; classtype:trojan-activity;sid:84481581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618482)"; flow:established,from_client; content:"GET"; http_method; content:"/rt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618482/; classtype:trojan-activity;sid:84481582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.146.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618479/; classtype:trojan-activity;sid:84481579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618478)"; flow:established,from_client; content:"GET"; http_method; content:"/s7qi896nui.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618478/; classtype:trojan-activity;sid:84481578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.51.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618476/; classtype:trojan-activity;sid:84481576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618473)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618473/; classtype:trojan-activity;sid:84481573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618474)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618474/; classtype:trojan-activity;sid:84481574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618475)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618475/; classtype:trojan-activity;sid:84481575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618469/; classtype:trojan-activity;sid:84481569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618470/; classtype:trojan-activity;sid:84481570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618471/; classtype:trojan-activity;sid:84481571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618472/; classtype:trojan-activity;sid:84481572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618466/; classtype:trojan-activity;sid:84481566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618467/; classtype:trojan-activity;sid:84481567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc440fp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618468/; classtype:trojan-activity;sid:84481568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.146.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618465/; classtype:trojan-activity;sid:84481565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618448/; classtype:trojan-activity;sid:84481548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618449/; classtype:trojan-activity;sid:84481549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618450)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618450/; classtype:trojan-activity;sid:84481550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618451/; classtype:trojan-activity;sid:84481551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618452/; classtype:trojan-activity;sid:84481552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_32"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618453/; classtype:trojan-activity;sid:84481553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618454)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618454/; classtype:trojan-activity;sid:84481554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618455)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618455/; classtype:trojan-activity;sid:84481555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618456/; classtype:trojan-activity;sid:84481556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618457)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618457/; classtype:trojan-activity;sid:84481557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618458)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618458/; classtype:trojan-activity;sid:84481558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618459)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618459/; classtype:trojan-activity;sid:84481559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618460)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618460/; classtype:trojan-activity;sid:84481560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618461/; classtype:trojan-activity;sid:84481561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.212.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618462/; classtype:trojan-activity;sid:84481562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618463)"; flow:established,from_client; content:"GET"; http_method; content:"/zatoempire.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618463/; classtype:trojan-activity;sid:84481563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618464)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618464/; classtype:trojan-activity;sid:84481564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618445)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618445/; classtype:trojan-activity;sid:84481545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618446/; classtype:trojan-activity;sid:84481546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618447/; classtype:trojan-activity;sid:84481547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618444/; classtype:trojan-activity;sid:84481544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618439)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.85.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618439/; classtype:trojan-activity;sid:84481539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618440)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.85.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618440/; classtype:trojan-activity;sid:84481540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618441)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.85.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618441/; classtype:trojan-activity;sid:84481541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618434)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618434/; classtype:trojan-activity;sid:84481534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618435)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618435/; classtype:trojan-activity;sid:84481535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618436)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618436/; classtype:trojan-activity;sid:84481536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618437)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618437/; classtype:trojan-activity;sid:84481537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618438)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618438/; classtype:trojan-activity;sid:84481538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618433/; classtype:trojan-activity;sid:84481533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618432/; classtype:trojan-activity;sid:84481532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618431/; classtype:trojan-activity;sid:84481531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618429/; classtype:trojan-activity;sid:84481529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618430/; classtype:trojan-activity;sid:84481530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618423/; classtype:trojan-activity;sid:84481523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618424/; classtype:trojan-activity;sid:84481524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618425/; classtype:trojan-activity;sid:84481525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618426/; classtype:trojan-activity;sid:84481526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618427/; classtype:trojan-activity;sid:84481527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618428/; classtype:trojan-activity;sid:84481528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618422/; classtype:trojan-activity;sid:84481522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618417/; classtype:trojan-activity;sid:84481517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618418/; classtype:trojan-activity;sid:84481518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618419/; classtype:trojan-activity;sid:84481519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618420/; classtype:trojan-activity;sid:84481520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618421/; classtype:trojan-activity;sid:84481521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618414/; classtype:trojan-activity;sid:84481514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618415/; classtype:trojan-activity;sid:84481515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618416/; classtype:trojan-activity;sid:84481516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618413/; classtype:trojan-activity;sid:84481513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618412/; classtype:trojan-activity;sid:84481512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618404/; classtype:trojan-activity;sid:84481504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618405/; classtype:trojan-activity;sid:84481505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618406/; classtype:trojan-activity;sid:84481506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618407/; classtype:trojan-activity;sid:84481507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618408/; classtype:trojan-activity;sid:84481508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618409/; classtype:trojan-activity;sid:84481509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618410/; classtype:trojan-activity;sid:84481510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618411/; classtype:trojan-activity;sid:84481511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618396/; classtype:trojan-activity;sid:84481496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618397/; classtype:trojan-activity;sid:84481497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618398/; classtype:trojan-activity;sid:84481498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618399/; classtype:trojan-activity;sid:84481499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618400/; classtype:trojan-activity;sid:84481500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618401/; classtype:trojan-activity;sid:84481501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618402/; classtype:trojan-activity;sid:84481502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618403/; classtype:trojan-activity;sid:84481503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618388/; classtype:trojan-activity;sid:84481488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618389/; classtype:trojan-activity;sid:84481489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618390/; classtype:trojan-activity;sid:84481490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618391/; classtype:trojan-activity;sid:84481491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618392/; classtype:trojan-activity;sid:84481492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618393/; classtype:trojan-activity;sid:84481493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618394/; classtype:trojan-activity;sid:84481494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618395/; classtype:trojan-activity;sid:84481495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618385/; classtype:trojan-activity;sid:84481485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618386/; classtype:trojan-activity;sid:84481486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"events.api.o365drive-support.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618387/; classtype:trojan-activity;sid:84481487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.cnnetwork.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618384/; classtype:trojan-activity;sid:84481484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618380/; classtype:trojan-activity;sid:84481480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vipcncnetwork.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618381/; classtype:trojan-activity;sid:84481481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618382/; classtype:trojan-activity;sid:84481482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"acc.o365drive-support.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618383/; classtype:trojan-activity;sid:84481483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618379/; classtype:trojan-activity;sid:84481479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618377/; classtype:trojan-activity;sid:84481477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618378/; classtype:trojan-activity;sid:84481478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618375/; classtype:trojan-activity;sid:84481475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618376/; classtype:trojan-activity;sid:84481476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618371/; classtype:trojan-activity;sid:84481471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618372/; classtype:trojan-activity;sid:84481472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618373/; classtype:trojan-activity;sid:84481473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618374/; classtype:trojan-activity;sid:84481474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618359/; classtype:trojan-activity;sid:84481459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618360/; classtype:trojan-activity;sid:84481460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618361/; classtype:trojan-activity;sid:84481461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618362/; classtype:trojan-activity;sid:84481462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618363/; classtype:trojan-activity;sid:84481463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618364/; classtype:trojan-activity;sid:84481464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618365/; classtype:trojan-activity;sid:84481465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618366/; classtype:trojan-activity;sid:84481466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618367/; classtype:trojan-activity;sid:84481467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618368/; classtype:trojan-activity;sid:84481468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618369/; classtype:trojan-activity;sid:84481469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618370/; classtype:trojan-activity;sid:84481470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618351/; classtype:trojan-activity;sid:84481451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618352/; classtype:trojan-activity;sid:84481452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618353/; classtype:trojan-activity;sid:84481453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618354/; classtype:trojan-activity;sid:84481454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618355/; classtype:trojan-activity;sid:84481455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618356/; classtype:trojan-activity;sid:84481456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618357/; classtype:trojan-activity;sid:84481457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"o365drive-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618358/; classtype:trojan-activity;sid:84481458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"accessdennied.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618350/; classtype:trojan-activity;sid:84481450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618349)"; flow:established,from_client; content:"GET"; http_method; content:"/d83xj6eo5g.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618349/; classtype:trojan-activity;sid:84481449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618347)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618347/; classtype:trojan-activity;sid:84481447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618348/; classtype:trojan-activity;sid:84481448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618343/; classtype:trojan-activity;sid:84481443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618344/; classtype:trojan-activity;sid:84481444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618345/; classtype:trojan-activity;sid:84481445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618346)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618346/; classtype:trojan-activity;sid:84481446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.58.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618341/; classtype:trojan-activity;sid:84481441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618342)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618342/; classtype:trojan-activity;sid:84481442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618336)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618336/; classtype:trojan-activity;sid:84481436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618337)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618337/; classtype:trojan-activity;sid:84481437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618338)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618338/; classtype:trojan-activity;sid:84481438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618339)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618339/; classtype:trojan-activity;sid:84481439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618340)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618340/; classtype:trojan-activity;sid:84481440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618322/; classtype:trojan-activity;sid:84481422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618323)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618323/; classtype:trojan-activity;sid:84481423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618324/; classtype:trojan-activity;sid:84481424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618325/; classtype:trojan-activity;sid:84481425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618326/; classtype:trojan-activity;sid:84481426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618327/; classtype:trojan-activity;sid:84481427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618328/; classtype:trojan-activity;sid:84481428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618329/; classtype:trojan-activity;sid:84481429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618330/; classtype:trojan-activity;sid:84481430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618331)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618331/; classtype:trojan-activity;sid:84481431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618332/; classtype:trojan-activity;sid:84481432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jjk1241255325324523.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618333/; classtype:trojan-activity;sid:84481433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618334)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618334/; classtype:trojan-activity;sid:84481434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618335)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618335/; classtype:trojan-activity;sid:84481435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618319/; classtype:trojan-activity;sid:84481419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618320/; classtype:trojan-activity;sid:84481420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618321/; classtype:trojan-activity;sid:84481421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618316)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618316/; classtype:trojan-activity;sid:84481416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618317)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618317/; classtype:trojan-activity;sid:84481417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618318/; classtype:trojan-activity;sid:84481418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618314)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618314/; classtype:trojan-activity;sid:84481414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618315/; classtype:trojan-activity;sid:84481415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618311/; classtype:trojan-activity;sid:84481411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618312/; classtype:trojan-activity;sid:84481412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618313/; classtype:trojan-activity;sid:84481413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618306/; classtype:trojan-activity;sid:84481406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618307/; classtype:trojan-activity;sid:84481407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618308/; classtype:trojan-activity;sid:84481408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618309/; classtype:trojan-activity;sid:84481409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618310/; classtype:trojan-activity;sid:84481410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ransokk.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618305/; classtype:trojan-activity;sid:84481405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618304)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618304/; classtype:trojan-activity;sid:84481404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618303/; classtype:trojan-activity;sid:84481403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618302/; classtype:trojan-activity;sid:84481402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618301/; classtype:trojan-activity;sid:84481401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618300/; classtype:trojan-activity;sid:84481400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618297/; classtype:trojan-activity;sid:84481397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618298/; classtype:trojan-activity;sid:84481398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618299/; classtype:trojan-activity;sid:84481399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618289/; classtype:trojan-activity;sid:84481389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618290/; classtype:trojan-activity;sid:84481390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618291/; classtype:trojan-activity;sid:84481391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618292/; classtype:trojan-activity;sid:84481392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618293/; classtype:trojan-activity;sid:84481393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618294/; classtype:trojan-activity;sid:84481394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618295/; classtype:trojan-activity;sid:84481395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618296/; classtype:trojan-activity;sid:84481396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618288/; classtype:trojan-activity;sid:84481388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618284)"; flow:established,from_client; content:"GET"; http_method; content:"/zatoempire.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618284/; classtype:trojan-activity;sid:84481384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618285)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618285/; classtype:trojan-activity;sid:84481385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86_32"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618286/; classtype:trojan-activity;sid:84481386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618287)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618287/; classtype:trojan-activity;sid:84481387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618283)"; flow:established,from_client; content:"GET"; http_method; content:"/rt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"152.53.209.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618283/; classtype:trojan-activity;sid:84481383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618282/; classtype:trojan-activity;sid:84481382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618275/; classtype:trojan-activity;sid:84481375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618276/; classtype:trojan-activity;sid:84481376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618277/; classtype:trojan-activity;sid:84481377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618278/; classtype:trojan-activity;sid:84481378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618279/; classtype:trojan-activity;sid:84481379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618280/; classtype:trojan-activity;sid:84481380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/abba.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618281/; classtype:trojan-activity;sid:84481381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618274)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.orcacrash.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618274/; classtype:trojan-activity;sid:84481374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618273)"; flow:established,from_client; content:"GET"; http_method; content:"/p3jva3igi3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618273/; classtype:trojan-activity;sid:84481373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618272/; classtype:trojan-activity;sid:84481372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618271)"; flow:established,from_client; content:"GET"; http_method; content:"/45058fd046634b96bcb5bf76d13300cb_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618271/; classtype:trojan-activity;sid:84481371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618270)"; flow:established,from_client; content:"GET"; http_method; content:"/f530ba73ae3a4a7493dd6291a3779e43_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618270/; classtype:trojan-activity;sid:84481370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618269)"; flow:established,from_client; content:"GET"; http_method; content:"/ab11eccc5c6f4f2c8143d2cf0c15d362_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618269/; classtype:trojan-activity;sid:84481369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618268)"; flow:established,from_client; content:"GET"; http_method; content:"/0710c650cec84ebf9754a56fa7ee0289_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618268/; classtype:trojan-activity;sid:84481368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618267)"; flow:established,from_client; content:"GET"; http_method; content:"/f89c4e8925664cf9ba4ccbd13db6985c_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618267/; classtype:trojan-activity;sid:84481367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618263)"; flow:established,from_client; content:"GET"; http_method; content:"/45be7d4c0f024bcd92f1ca640006d8f6_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618263/; classtype:trojan-activity;sid:84481363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618264)"; flow:established,from_client; content:"GET"; http_method; content:"/8ee410fee01a444995e04d84d8c7f931_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618264/; classtype:trojan-activity;sid:84481364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618265)"; flow:established,from_client; content:"GET"; http_method; content:"/13bd6e1841f64129bd09508e978d918c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618265/; classtype:trojan-activity;sid:84481365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618266)"; flow:established,from_client; content:"GET"; http_method; content:"/06e45dfe762042d69e25b91371200293_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618266/; classtype:trojan-activity;sid:84481366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618262)"; flow:established,from_client; content:"GET"; http_method; content:"/4f4f24f0764040c484a6d33c6f5c32f8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"185.238.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618262/; classtype:trojan-activity;sid:84481362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.78.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618261/; classtype:trojan-activity;sid:84481361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618259/; classtype:trojan-activity;sid:84481359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.58.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618260/; classtype:trojan-activity;sid:84481360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618258)"; flow:established,from_client; content:"GET"; http_method; content:"/get_file|3f|file=0kurgddhkbsd"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dropbox.nowdownloads.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618258/; classtype:trojan-activity;sid:84481358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618249)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/u.xml"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618249/; classtype:trojan-activity;sid:84481349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618250)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/wget.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618250/; classtype:trojan-activity;sid:84481350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618251)"; flow:established,from_client; content:"GET"; http_method; content:"/d.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618251/; classtype:trojan-activity;sid:84481351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618252)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618252/; classtype:trojan-activity;sid:84481352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618253)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618253/; classtype:trojan-activity;sid:84481353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618254)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618254/; classtype:trojan-activity;sid:84481354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618255/; classtype:trojan-activity;sid:84481355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618256)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.urbotnetisass"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618256/; classtype:trojan-activity;sid:84481356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618257)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618257/; classtype:trojan-activity;sid:84481357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618238)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/armv4l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618238/; classtype:trojan-activity;sid:84481338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618239)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618239/; classtype:trojan-activity;sid:84481339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618240)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/c.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618240/; classtype:trojan-activity;sid:84481340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618241)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/av4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618241/; classtype:trojan-activity;sid:84481341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618242)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/d.xml"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618242/; classtype:trojan-activity;sid:84481342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618243)"; flow:established,from_client; content:"GET"; http_method; content:"/u.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618243/; classtype:trojan-activity;sid:84481343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618244)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618244/; classtype:trojan-activity;sid:84481344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618245)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/av5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618245/; classtype:trojan-activity;sid:84481345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618246)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/armv7l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618246/; classtype:trojan-activity;sid:84481346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618247)"; flow:established,from_client; content:"GET"; http_method; content:"/3.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618247/; classtype:trojan-activity;sid:84481347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618248)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/w.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618248/; classtype:trojan-activity;sid:84481348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618236)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618236/; classtype:trojan-activity;sid:84481336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618237)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618237/; classtype:trojan-activity;sid:84481337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618235)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/armv5l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618235/; classtype:trojan-activity;sid:84481335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618234)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618234/; classtype:trojan-activity;sid:84481334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618232)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.armv5l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618232/; classtype:trojan-activity;sid:84481332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618233)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.powerpc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618233/; classtype:trojan-activity;sid:84481333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618225)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.armv4l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618225/; classtype:trojan-activity;sid:84481325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618226)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.powerpc-440fp"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618226/; classtype:trojan-activity;sid:84481326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618227)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sparc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618227/; classtype:trojan-activity;sid:84481327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618228)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mipsel"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618228/; classtype:trojan-activity;sid:84481328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618229)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.armv7l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618229/; classtype:trojan-activity;sid:84481329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618230)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.armv6l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618230/; classtype:trojan-activity;sid:84481330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618231)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618231/; classtype:trojan-activity;sid:84481331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618223)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618223/; classtype:trojan-activity;sid:84481323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618224)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/pzfgypl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618224/; classtype:trojan-activity;sid:84481324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618218)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.87.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618218/; classtype:trojan-activity;sid:84481318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618219/; classtype:trojan-activity;sid:84481319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618220)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618220/; classtype:trojan-activity;sid:84481320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618221/; classtype:trojan-activity;sid:84481321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618222)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618222/; classtype:trojan-activity;sid:84481322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618217)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618217/; classtype:trojan-activity;sid:84481317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618216)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/qbohfps.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618216/; classtype:trojan-activity;sid:84481316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.174.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618215/; classtype:trojan-activity;sid:84481315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.153.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618214/; classtype:trojan-activity;sid:84481314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618213/; classtype:trojan-activity;sid:84481313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618212)"; flow:established,from_client; content:"GET"; http_method; content:"/aii.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.26.76.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618212/; classtype:trojan-activity;sid:84481312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618210)"; flow:established,from_client; content:"GET"; http_method; content:"/ai.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.26.76.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618210/; classtype:trojan-activity;sid:84481310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618211)"; flow:established,from_client; content:"GET"; http_method; content:"/re.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.26.76.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618211/; classtype:trojan-activity;sid:84481311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618209)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618209/; classtype:trojan-activity;sid:84481309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618208)"; flow:established,from_client; content:"GET"; http_method; content:"/tndbjkk1da.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618208/; classtype:trojan-activity;sid:84481308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618207/; classtype:trojan-activity;sid:84481307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.59.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618206/; classtype:trojan-activity;sid:84481306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.22.200.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618205/; classtype:trojan-activity;sid:84481305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618204)"; flow:established,from_client; content:"GET"; http_method; content:"/123.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"147.45.216.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618204/; classtype:trojan-activity;sid:84481304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618203)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.45.216.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618203/; classtype:trojan-activity;sid:84481303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.108.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618202/; classtype:trojan-activity;sid:84481302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.95.0.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618201/; classtype:trojan-activity;sid:84481301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.24.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618200/; classtype:trojan-activity;sid:84481300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.153.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618199/; classtype:trojan-activity;sid:84481299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.30.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618198/; classtype:trojan-activity;sid:84481298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618197/; classtype:trojan-activity;sid:84481297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.174.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618196/; classtype:trojan-activity;sid:84481296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.45.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618195/; classtype:trojan-activity;sid:84481295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618194)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618194/; classtype:trojan-activity;sid:84481294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618191)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618191/; classtype:trojan-activity;sid:84481291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618192)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618192/; classtype:trojan-activity;sid:84481292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618193)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618193/; classtype:trojan-activity;sid:84481293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618188)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618188/; classtype:trojan-activity;sid:84481288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618189)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618189/; classtype:trojan-activity;sid:84481289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618190)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618190/; classtype:trojan-activity;sid:84481290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618187)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618187/; classtype:trojan-activity;sid:84481287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618182)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618182/; classtype:trojan-activity;sid:84481282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618183)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618183/; classtype:trojan-activity;sid:84481283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618184)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618184/; classtype:trojan-activity;sid:84481284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618185)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618185/; classtype:trojan-activity;sid:84481285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618186)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.16.29.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618186/; classtype:trojan-activity;sid:84481286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.189.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618181/; classtype:trojan-activity;sid:84481281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.22.200.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618180/; classtype:trojan-activity;sid:84481280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618179)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618179/; classtype:trojan-activity;sid:84481279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618178)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618178/; classtype:trojan-activity;sid:84481278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618169)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv7l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618169/; classtype:trojan-activity;sid:84481269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618170)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618170/; classtype:trojan-activity;sid:84481270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618171)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618171/; classtype:trojan-activity;sid:84481271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618172)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv4l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618172/; classtype:trojan-activity;sid:84481272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618173)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv5l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618173/; classtype:trojan-activity;sid:84481273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618174)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618174/; classtype:trojan-activity;sid:84481274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618175)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618175/; classtype:trojan-activity;sid:84481275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618176)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618176/; classtype:trojan-activity;sid:84481276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618177)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618177/; classtype:trojan-activity;sid:84481277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.24.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618168/; classtype:trojan-activity;sid:84481268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618167)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618167/; classtype:trojan-activity;sid:84481267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618166)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618166/; classtype:trojan-activity;sid:84481266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618165)"; flow:established,from_client; content:"GET"; http_method; content:"/release/debug"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618165/; classtype:trojan-activity;sid:84481265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618161)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618161/; classtype:trojan-activity;sid:84481261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618162)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618162/; classtype:trojan-activity;sid:84481262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618163)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618163/; classtype:trojan-activity;sid:84481263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618164)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618164/; classtype:trojan-activity;sid:84481264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618155)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618155/; classtype:trojan-activity;sid:84481255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618156)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618156/; classtype:trojan-activity;sid:84481256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618157)"; flow:established,from_client; content:"GET"; http_method; content:"/release/x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618157/; classtype:trojan-activity;sid:84481257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618158)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618158/; classtype:trojan-activity;sid:84481258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618159)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618159/; classtype:trojan-activity;sid:84481259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618160)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618160/; classtype:trojan-activity;sid:84481260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618154/; classtype:trojan-activity;sid:84481254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618153/; classtype:trojan-activity;sid:84481253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618152)"; flow:established,from_client; content:"GET"; http_method; content:"/x31agosto.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618152/; classtype:trojan-activity;sid:84481252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618150)"; flow:established,from_client; content:"GET"; http_method; content:"/1septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618150/; classtype:trojan-activity;sid:84481250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618151)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618151/; classtype:trojan-activity;sid:84481251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618148)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618148/; classtype:trojan-activity;sid:84481248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618149)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618149/; classtype:trojan-activity;sid:84481249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618147)"; flow:established,from_client; content:"GET"; http_method; content:"/2septiembre.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"186.169.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618147/; classtype:trojan-activity;sid:84481247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618146/; classtype:trojan-activity;sid:84481246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618145/; classtype:trojan-activity;sid:84481245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.108.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618144/; classtype:trojan-activity;sid:84481244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618143/; classtype:trojan-activity;sid:84481243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618142/; classtype:trojan-activity;sid:84481242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618141/; classtype:trojan-activity;sid:84481241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618140/; classtype:trojan-activity;sid:84481240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.63.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618139/; classtype:trojan-activity;sid:84481239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.220.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618138/; classtype:trojan-activity;sid:84481238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.189.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618137/; classtype:trojan-activity;sid:84481237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.220.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618136/; classtype:trojan-activity;sid:84481236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618135/; classtype:trojan-activity;sid:84481235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.59.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618134/; classtype:trojan-activity;sid:84481234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.63.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618133/; classtype:trojan-activity;sid:84481233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618132/; classtype:trojan-activity;sid:84481232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618131/; classtype:trojan-activity;sid:84481231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618130/; classtype:trojan-activity;sid:84481230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.176.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618129/; classtype:trojan-activity;sid:84481229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.76.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618128/; classtype:trojan-activity;sid:84481228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618127)"; flow:established,from_client; content:"GET"; http_method; content:"/ertgegeg/support.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"paguehojebrasil.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618127/; classtype:trojan-activity;sid:84481227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618126/; classtype:trojan-activity;sid:84481226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618125)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/jsr21kp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618125/; classtype:trojan-activity;sid:84481225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618124)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2096817243/wpdnfa7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618124/; classtype:trojan-activity;sid:84481224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.42.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618123/; classtype:trojan-activity;sid:84481223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618122)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/rent7wg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618122/; classtype:trojan-activity;sid:84481222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.132.38.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618121/; classtype:trojan-activity;sid:84481221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618120/; classtype:trojan-activity;sid:84481220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.145.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618119/; classtype:trojan-activity;sid:84481219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618118)"; flow:established,from_client; content:"GET"; http_method; content:"/nlk296xb40.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618118/; classtype:trojan-activity;sid:84481218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.26.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618117/; classtype:trojan-activity;sid:84481217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618116/; classtype:trojan-activity;sid:84481216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618114)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618114/; classtype:trojan-activity;sid:84481214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618115)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618115/; classtype:trojan-activity;sid:84481215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618110)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618110/; classtype:trojan-activity;sid:84481210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618111)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618111/; classtype:trojan-activity;sid:84481211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618112)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618112/; classtype:trojan-activity;sid:84481212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618113/; classtype:trojan-activity;sid:84481213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618109)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618109/; classtype:trojan-activity;sid:84481209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618108)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618108/; classtype:trojan-activity;sid:84481208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618102)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618102/; classtype:trojan-activity;sid:84481202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618103)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618103/; classtype:trojan-activity;sid:84481203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618104)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618104/; classtype:trojan-activity;sid:84481204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618105)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618105/; classtype:trojan-activity;sid:84481205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618106)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618106/; classtype:trojan-activity;sid:84481206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618107)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618107/; classtype:trojan-activity;sid:84481207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.106.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618101/; classtype:trojan-activity;sid:84481201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618100/; classtype:trojan-activity;sid:84481200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618098/; classtype:trojan-activity;sid:84481198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618099/; classtype:trojan-activity;sid:84481199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.246.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618093/; classtype:trojan-activity;sid:84481193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.52.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618094/; classtype:trojan-activity;sid:84481194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.104.22.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618095/; classtype:trojan-activity;sid:84481195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.194.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618096/; classtype:trojan-activity;sid:84481196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.217.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618097/; classtype:trojan-activity;sid:84481197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.187.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618092/; classtype:trojan-activity;sid:84481192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618091)"; flow:established,from_client; content:"GET"; http_method; content:"/sdc5zk90bv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618091/; classtype:trojan-activity;sid:84481191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.106.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618090/; classtype:trojan-activity;sid:84481190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.187.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618089/; classtype:trojan-activity;sid:84481189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.161.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618088/; classtype:trojan-activity;sid:84481188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618087)"; flow:established,from_client; content:"GET"; http_method; content:"/pklcffaqwb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618087/; classtype:trojan-activity;sid:84481187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.58.129.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618086/; classtype:trojan-activity;sid:84481186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.223.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618085/; classtype:trojan-activity;sid:84481185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.20.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618084/; classtype:trojan-activity;sid:84481184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.207.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618083/; classtype:trojan-activity;sid:84481183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618082/; classtype:trojan-activity;sid:84481182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.58.129.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618081/; classtype:trojan-activity;sid:84481181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618080)"; flow:established,from_client; content:"GET"; http_method; content:"/s21zfs96p0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mx.puva6ey2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618080/; classtype:trojan-activity;sid:84481180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618079)"; flow:established,from_client; content:"GET"; http_method; content:"/opk3ri7lc0.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yp.rijo6oe1.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618079/; classtype:trojan-activity;sid:84481179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.20.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618078/; classtype:trojan-activity;sid:84481178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.223.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618077/; classtype:trojan-activity;sid:84481177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.244.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618076/; classtype:trojan-activity;sid:84481176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.206.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618075/; classtype:trojan-activity;sid:84481175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618074/; classtype:trojan-activity;sid:84481174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618073)"; flow:established,from_client; content:"GET"; http_method; content:"/cbubqbxd93.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yp.rijo6oe1.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618073/; classtype:trojan-activity;sid:84481173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618072/; classtype:trojan-activity;sid:84481172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618071/; classtype:trojan-activity;sid:84481171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.110.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618070/; classtype:trojan-activity;sid:84481170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.136.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618069/; classtype:trojan-activity;sid:84481169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618068)"; flow:established,from_client; content:"GET"; http_method; content:"/66n7sdf6f1.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rka.firu6ui8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618068/; classtype:trojan-activity;sid:84481168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.244.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618067/; classtype:trojan-activity;sid:84481167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.137.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618066/; classtype:trojan-activity;sid:84481166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.110.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618065/; classtype:trojan-activity;sid:84481165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.137.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618064/; classtype:trojan-activity;sid:84481164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618063)"; flow:established,from_client; content:"GET"; http_method; content:"/7ykknjnzxj.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rka.firu6ui8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618063/; classtype:trojan-activity;sid:84481163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.247.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618061/; classtype:trojan-activity;sid:84481161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.47.190.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618062/; classtype:trojan-activity;sid:84481162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618060)"; flow:established,from_client; content:"GET"; http_method; content:"/xm8l57ovq6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rka.firu6ui8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618060/; classtype:trojan-activity;sid:84481160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.221.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618059/; classtype:trojan-activity;sid:84481159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618058)"; flow:established,from_client; content:"GET"; http_method; content:"/fl8uofgq7i.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ng.firu6ui8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618058/; classtype:trojan-activity;sid:84481158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618057/; classtype:trojan-activity;sid:84481157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.47.190.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618056/; classtype:trojan-activity;sid:84481156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618055/; classtype:trojan-activity;sid:84481155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618054/; classtype:trojan-activity;sid:84481154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618053/; classtype:trojan-activity;sid:84481153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618052)"; flow:established,from_client; content:"GET"; http_method; content:"/ow9xgk3nbu.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ng.firu6ui8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618052/; classtype:trojan-activity;sid:84481152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.246.6.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618051/; classtype:trojan-activity;sid:84481151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618050/; classtype:trojan-activity;sid:84481150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618049/; classtype:trojan-activity;sid:84481149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.243.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618048/; classtype:trojan-activity;sid:84481148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618047/; classtype:trojan-activity;sid:84481147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618046/; classtype:trojan-activity;sid:84481146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618045/; classtype:trojan-activity;sid:84481145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.6.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618044/; classtype:trojan-activity;sid:84481144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618043/; classtype:trojan-activity;sid:84481143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618042/; classtype:trojan-activity;sid:84481142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618041/; classtype:trojan-activity;sid:84481141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.205.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618040/; classtype:trojan-activity;sid:84481140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618039)"; flow:established,from_client; content:"GET"; http_method; content:"/5a76cnbpel.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bwa.mize0ao1.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618039/; classtype:trojan-activity;sid:84481139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.1.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618038/; classtype:trojan-activity;sid:84481138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.130.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618036/; classtype:trojan-activity;sid:84481136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.224.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618037/; classtype:trojan-activity;sid:84481137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.51.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618035/; classtype:trojan-activity;sid:84481135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618034/; classtype:trojan-activity;sid:84481134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618033/; classtype:trojan-activity;sid:84481133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618032/; classtype:trojan-activity;sid:84481132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618031/; classtype:trojan-activity;sid:84481131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.179.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618030/; classtype:trojan-activity;sid:84481130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.205.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618029/; classtype:trojan-activity;sid:84481129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618028/; classtype:trojan-activity;sid:84481128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.8.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618027/; classtype:trojan-activity;sid:84481127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.30.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618026/; classtype:trojan-activity;sid:84481126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.105.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618025/; classtype:trojan-activity;sid:84481125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618024)"; flow:established,from_client; content:"GET"; http_method; content:"/fv1cpipu29.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ck.mize0ao1.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618024/; classtype:trojan-activity;sid:84481124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618023/; classtype:trojan-activity;sid:84481123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618022)"; flow:established,from_client; content:"GET"; http_method; content:"/18gbkei5m4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zmu.gily1yo3.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618022/; classtype:trojan-activity;sid:84481122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.130.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618021/; classtype:trojan-activity;sid:84481121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618020/; classtype:trojan-activity;sid:84481120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.16.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618019/; classtype:trojan-activity;sid:84481119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.204.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618018/; classtype:trojan-activity;sid:84481118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.8.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618017/; classtype:trojan-activity;sid:84481117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618016/; classtype:trojan-activity;sid:84481116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618015/; classtype:trojan-activity;sid:84481115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618014/; classtype:trojan-activity;sid:84481114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618013)"; flow:established,from_client; content:"GET"; http_method; content:"/bftm09p0tv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lj.gily1yo3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618013/; classtype:trojan-activity;sid:84481113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.249.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618012/; classtype:trojan-activity;sid:84481112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618011)"; flow:established,from_client; content:"GET"; http_method; content:"/77yfmbkshq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lj.gily1yo3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618011/; classtype:trojan-activity;sid:84481111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.10.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618010/; classtype:trojan-activity;sid:84481110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618009/; classtype:trojan-activity;sid:84481109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618007)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618007/; classtype:trojan-activity;sid:84481107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618008)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618008/; classtype:trojan-activity;sid:84481108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618005)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618005/; classtype:trojan-activity;sid:84481105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618006)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618006/; classtype:trojan-activity;sid:84481106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618004)"; flow:established,from_client; content:"GET"; http_method; content:"/t7ugzgz1th.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lj.gily1yo3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618004/; classtype:trojan-activity;sid:84481104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618001)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618001/; classtype:trojan-activity;sid:84481101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618002)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618002/; classtype:trojan-activity;sid:84481102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618003)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618003/; classtype:trojan-activity;sid:84481103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617992)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617992/; classtype:trojan-activity;sid:84481092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617993)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617993/; classtype:trojan-activity;sid:84481093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617994)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sparc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617994/; classtype:trojan-activity;sid:84481094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617995)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617995/; classtype:trojan-activity;sid:84481095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617996)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617996/; classtype:trojan-activity;sid:84481096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617997)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617997/; classtype:trojan-activity;sid:84481097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617998)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617998/; classtype:trojan-activity;sid:84481098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617999)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617999/; classtype:trojan-activity;sid:84481099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618000)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.194.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3618000/; classtype:trojan-activity;sid:84481100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.73.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617991/; classtype:trojan-activity;sid:84481091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.16.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617990/; classtype:trojan-activity;sid:84481090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.214.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617989/; classtype:trojan-activity;sid:84481089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617988)"; flow:established,from_client; content:"GET"; http_method; content:"/9vaz47beuw.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tpr.hati3ea0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617988/; classtype:trojan-activity;sid:84481088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.155.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617987/; classtype:trojan-activity;sid:84481087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.10.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617985/; classtype:trojan-activity;sid:84481085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.227.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617986/; classtype:trojan-activity;sid:84481086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.231.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617984/; classtype:trojan-activity;sid:84481084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.174.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617983/; classtype:trojan-activity;sid:84481083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617982/; classtype:trojan-activity;sid:84481082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617981/; classtype:trojan-activity;sid:84481081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617980/; classtype:trojan-activity;sid:84481080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617979/; classtype:trojan-activity;sid:84481079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617978)"; flow:established,from_client; content:"GET"; http_method; content:"/mwphdwkrg4.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.wolyviy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617978/; classtype:trojan-activity;sid:84481078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617977/; classtype:trojan-activity;sid:84481077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.199.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617976/; classtype:trojan-activity;sid:84481076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.201.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617975/; classtype:trojan-activity;sid:84481075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.183.196.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617974/; classtype:trojan-activity;sid:84481074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.246.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617972/; classtype:trojan-activity;sid:84481072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.12.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617973/; classtype:trojan-activity;sid:84481073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.213.156.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617969/; classtype:trojan-activity;sid:84481069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.137.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617970/; classtype:trojan-activity;sid:84481070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617971/; classtype:trojan-activity;sid:84481071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617966)"; flow:established,from_client; content:"GET"; http_method; content:"/multi/mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"145.223.69.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617966/; classtype:trojan-activity;sid:84481066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617967/; classtype:trojan-activity;sid:84481067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617968/; classtype:trojan-activity;sid:84481068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617964)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"choutek.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617964/; classtype:trojan-activity;sid:84481064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617965)"; flow:established,from_client; content:"GET"; http_method; content:"/9jk.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"choutek.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617965/; classtype:trojan-activity;sid:84481065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.214.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617963/; classtype:trojan-activity;sid:84481063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.173.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617962/; classtype:trojan-activity;sid:84481062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.19.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617961/; classtype:trojan-activity;sid:84481061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617960/; classtype:trojan-activity;sid:84481060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617959/; classtype:trojan-activity;sid:84481059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617958)"; flow:established,from_client; content:"GET"; http_method; content:"/vbgjiqjbte.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.radinau.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617958/; classtype:trojan-activity;sid:84481058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.214.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617957/; classtype:trojan-activity;sid:84481057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.203.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617956/; classtype:trojan-activity;sid:84481056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.173.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617955/; classtype:trojan-activity;sid:84481055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617954)"; flow:established,from_client; content:"GET"; http_method; content:"/m9p8g3wu7o.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.radinau.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617954/; classtype:trojan-activity;sid:84481054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.157.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617953/; classtype:trojan-activity;sid:84481053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617952/; classtype:trojan-activity;sid:84481052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.49.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617951/; classtype:trojan-activity;sid:84481051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617950)"; flow:established,from_client; content:"GET"; http_method; content:"/k9ddkmy177.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.radinau.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617950/; classtype:trojan-activity;sid:84481050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617949/; classtype:trojan-activity;sid:84481049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.223.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617948/; classtype:trojan-activity;sid:84481048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617947)"; flow:established,from_client; content:"GET"; http_method; content:"/x24dwmbl6a.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.radinau.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617947/; classtype:trojan-activity;sid:84481047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.172.138.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617946/; classtype:trojan-activity;sid:84481046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617945)"; flow:established,from_client; content:"GET"; http_method; content:"/fukn2u6cq6.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.koxulaa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617945/; classtype:trojan-activity;sid:84481045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617944/; classtype:trojan-activity;sid:84481044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617943/; classtype:trojan-activity;sid:84481043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617942/; classtype:trojan-activity;sid:84481042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.159.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617941/; classtype:trojan-activity;sid:84481041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.168.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617940/; classtype:trojan-activity;sid:84481040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.141.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617939/; classtype:trojan-activity;sid:84481039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.216.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617938/; classtype:trojan-activity;sid:84481038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617937/; classtype:trojan-activity;sid:84481037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.5.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617936/; classtype:trojan-activity;sid:84481036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.150.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617935/; classtype:trojan-activity;sid:84481035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.208.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617934/; classtype:trojan-activity;sid:84481034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.216.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617933/; classtype:trojan-activity;sid:84481033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.1.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617932/; classtype:trojan-activity;sid:84481032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.64.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617931/; classtype:trojan-activity;sid:84481031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617930)"; flow:established,from_client; content:"GET"; http_method; content:"/bdmn17md9j.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.koxulaa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617930/; classtype:trojan-activity;sid:84481030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617929/; classtype:trojan-activity;sid:84481029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617928/; classtype:trojan-activity;sid:84481028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617926)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/stgna.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617926/; classtype:trojan-activity;sid:84481026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617927)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/tblo.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.233.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617927/; classtype:trojan-activity;sid:84481027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617925)"; flow:established,from_client; content:"GET"; http_method; content:"/stag.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"agriculture-lawyer.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617925/; classtype:trojan-activity;sid:84481025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.179.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617924/; classtype:trojan-activity;sid:84481024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617923/; classtype:trojan-activity;sid:84481023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617921)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.199.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617921/; classtype:trojan-activity;sid:84481021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617922)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.31.125.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617922/; classtype:trojan-activity;sid:84481022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617917)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.28.180.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617917/; classtype:trojan-activity;sid:84481017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617918)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.134.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617918/; classtype:trojan-activity;sid:84481018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.160.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617919/; classtype:trojan-activity;sid:84481019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.31.125.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617920/; classtype:trojan-activity;sid:84481020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617915)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.37.69.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617915/; classtype:trojan-activity;sid:84481015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617916)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.196.19.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617916/; classtype:trojan-activity;sid:84481016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.110.45.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617914/; classtype:trojan-activity;sid:84481014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617913)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.9.8.75"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617913/; classtype:trojan-activity;sid:84481013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617912)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.115.180.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617912/; classtype:trojan-activity;sid:84481012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.165.162.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617902/; classtype:trojan-activity;sid:84481002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.39.109.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617903/; classtype:trojan-activity;sid:84481003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617904/; classtype:trojan-activity;sid:84481004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617905)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.165.85.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617905/; classtype:trojan-activity;sid:84481005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.190.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617906/; classtype:trojan-activity;sid:84481006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.160.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617907/; classtype:trojan-activity;sid:84481007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617908)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.51.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617908/; classtype:trojan-activity;sid:84481008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617909)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.160.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617909/; classtype:trojan-activity;sid:84481009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617910)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.230.184.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617910/; classtype:trojan-activity;sid:84481010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.165.100.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617911/; classtype:trojan-activity;sid:84481011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.175.253.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617899/; classtype:trojan-activity;sid:84480999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.147.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617900/; classtype:trojan-activity;sid:84481000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.118.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617901/; classtype:trojan-activity;sid:84481001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617897)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.5.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617897/; classtype:trojan-activity;sid:84480997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617898/; classtype:trojan-activity;sid:84480998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617896/; classtype:trojan-activity;sid:84480996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617895)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.147.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617895/; classtype:trojan-activity;sid:84480995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.60.212.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617894/; classtype:trojan-activity;sid:84480994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.55.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617893/; classtype:trojan-activity;sid:84480993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.64.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617892/; classtype:trojan-activity;sid:84480992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617891/; classtype:trojan-activity;sid:84480991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.30.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617890/; classtype:trojan-activity;sid:84480990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617889)"; flow:established,from_client; content:"GET"; http_method; content:"/j7kk6ufkol.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617889/; classtype:trojan-activity;sid:84480989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617888/; classtype:trojan-activity;sid:84480988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.82.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617887/; classtype:trojan-activity;sid:84480987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617886/; classtype:trojan-activity;sid:84480986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617885)"; flow:established,from_client; content:"GET"; http_method; content:"/5fh2dxl6ey.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617885/; classtype:trojan-activity;sid:84480985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.179.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617884/; classtype:trojan-activity;sid:84480984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.168.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617883/; classtype:trojan-activity;sid:84480983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.123.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617882/; classtype:trojan-activity;sid:84480982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.82.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617881/; classtype:trojan-activity;sid:84480981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617880/; classtype:trojan-activity;sid:84480980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617879)"; flow:established,from_client; content:"GET"; http_method; content:"/kgorunrd43.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617879/; classtype:trojan-activity;sid:84480979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617877/; classtype:trojan-activity;sid:84480977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617878/; classtype:trojan-activity;sid:84480978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617876/; classtype:trojan-activity;sid:84480976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.123.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617875/; classtype:trojan-activity;sid:84480975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.179.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617874/; classtype:trojan-activity;sid:84480974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617863/; classtype:trojan-activity;sid:84480963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617864/; classtype:trojan-activity;sid:84480964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617865/; classtype:trojan-activity;sid:84480965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617866/; classtype:trojan-activity;sid:84480966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617867/; classtype:trojan-activity;sid:84480967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617868/; classtype:trojan-activity;sid:84480968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617869/; classtype:trojan-activity;sid:84480969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617870/; classtype:trojan-activity;sid:84480970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617871/; classtype:trojan-activity;sid:84480971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617872/; classtype:trojan-activity;sid:84480972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617873/; classtype:trojan-activity;sid:84480973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.15.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617862/; classtype:trojan-activity;sid:84480962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.169.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617861/; classtype:trojan-activity;sid:84480961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.244.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617860/; classtype:trojan-activity;sid:84480960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.127.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617859/; classtype:trojan-activity;sid:84480959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.180.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617857/; classtype:trojan-activity;sid:84480957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617858/; classtype:trojan-activity;sid:84480958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617856)"; flow:established,from_client; content:"GET"; http_method; content:"/dwsnmcezul.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"op.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617856/; classtype:trojan-activity;sid:84480956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.177.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617855/; classtype:trojan-activity;sid:84480955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617854/; classtype:trojan-activity;sid:84480954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.169.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617853/; classtype:trojan-activity;sid:84480953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.15.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617852/; classtype:trojan-activity;sid:84480952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.55.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617851/; classtype:trojan-activity;sid:84480951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6421061458/irvoepa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617850/; classtype:trojan-activity;sid:84480950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617849/; classtype:trojan-activity;sid:84480949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617848)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1349519248/gh7wits.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617848/; classtype:trojan-activity;sid:84480948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.188.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617847/; classtype:trojan-activity;sid:84480947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.119.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617846/; classtype:trojan-activity;sid:84480946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617845)"; flow:established,from_client; content:"GET"; http_method; content:"/pq2m8h2920.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617845/; classtype:trojan-activity;sid:84480945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617844/; classtype:trojan-activity;sid:84480944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617843/; classtype:trojan-activity;sid:84480943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.249.169.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617842/; classtype:trojan-activity;sid:84480942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.51.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617841/; classtype:trojan-activity;sid:84480941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617840)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617840/; classtype:trojan-activity;sid:84480940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.18.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617837/; classtype:trojan-activity;sid:84480937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.129.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617838/; classtype:trojan-activity;sid:84480938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617839/; classtype:trojan-activity;sid:84480939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617835/; classtype:trojan-activity;sid:84480935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.159.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617836/; classtype:trojan-activity;sid:84480936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.231.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617834/; classtype:trojan-activity;sid:84480934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617833)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617833/; classtype:trojan-activity;sid:84480933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617832/; classtype:trojan-activity;sid:84480932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617829/; classtype:trojan-activity;sid:84480929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617830/; classtype:trojan-activity;sid:84480930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617831/; classtype:trojan-activity;sid:84480931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617828/; classtype:trojan-activity;sid:84480928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617827)"; flow:established,from_client; content:"GET"; http_method; content:"/fff.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617827/; classtype:trojan-activity;sid:84480927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617814/; classtype:trojan-activity;sid:84480914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617815)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5900855435/yxj9hvg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617815/; classtype:trojan-activity;sid:84480915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617816/; classtype:trojan-activity;sid:84480916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617817/; classtype:trojan-activity;sid:84480917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617818/; classtype:trojan-activity;sid:84480918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617819)"; flow:established,from_client; content:"GET"; http_method; content:"/fxgj.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hostingcloud.racing"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617819/; classtype:trojan-activity;sid:84480919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617820)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"akgang.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617820/; classtype:trojan-activity;sid:84480920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617821)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1087989943/qy0evbu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617821/; classtype:trojan-activity;sid:84480921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617822/; classtype:trojan-activity;sid:84480922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617823/; classtype:trojan-activity;sid:84480923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617824/; classtype:trojan-activity;sid:84480924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617825/; classtype:trojan-activity;sid:84480925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617826)"; flow:established,from_client; content:"GET"; http_method; content:"/busy.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617826/; classtype:trojan-activity;sid:84480926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617810/; classtype:trojan-activity;sid:84480910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617811)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617811/; classtype:trojan-activity;sid:84480911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617812/; classtype:trojan-activity;sid:84480912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"riseonid.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617813/; classtype:trojan-activity;sid:84480913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617808)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6420889076/i5g2pev.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617808/; classtype:trojan-activity;sid:84480908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617809)"; flow:established,from_client; content:"GET"; http_method; content:"/holo.myi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617809/; classtype:trojan-activity;sid:84480909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617806)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617806/; classtype:trojan-activity;sid:84480906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617807)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/sqnhmrp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617807/; classtype:trojan-activity;sid:84480907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617805)"; flow:established,from_client; content:"GET"; http_method; content:"/en-es/msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sdfgaasdzx.beer"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617805/; classtype:trojan-activity;sid:84480905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617802)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/ddunft9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617802/; classtype:trojan-activity;sid:84480902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617803)"; flow:established,from_client; content:"GET"; http_method; content:"/podmorph.img"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sdfgaasdzx.beer"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617803/; classtype:trojan-activity;sid:84480903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617804)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/0sraxlr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617804/; classtype:trojan-activity;sid:84480904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617801)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617801/; classtype:trojan-activity;sid:84480901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617796)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8283443171/v5kwytd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617796/; classtype:trojan-activity;sid:84480896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617797)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/tse2e3k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617797/; classtype:trojan-activity;sid:84480897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617798)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8061402479/xo50qoo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617798/; classtype:trojan-activity;sid:84480898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617799/; classtype:trojan-activity;sid:84480899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617800)"; flow:established,from_client; content:"GET"; http_method; content:"/podmorph.img"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.54.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617800/; classtype:trojan-activity;sid:84480900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617795)"; flow:established,from_client; content:"GET"; http_method; content:"/files/784403925/k8kgyaj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617795/; classtype:trojan-activity;sid:84480895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617790/; classtype:trojan-activity;sid:84480890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6560547276/vdgcdqx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617791/; classtype:trojan-activity;sid:84480891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617792)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/ojjvpn1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617792/; classtype:trojan-activity;sid:84480892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617793)"; flow:established,from_client; content:"GET"; http_method; content:"/files/612229675/1yicmo1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617793/; classtype:trojan-activity;sid:84480893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617794)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/ji3j2il.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617794/; classtype:trojan-activity;sid:84480894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617787)"; flow:established,from_client; content:"GET"; http_method; content:"/en-es/msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617787/; classtype:trojan-activity;sid:84480887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617788)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/2c8fjyq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617788/; classtype:trojan-activity;sid:84480888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617789)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/jshozte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617789/; classtype:trojan-activity;sid:84480889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617785)"; flow:established,from_client; content:"GET"; http_method; content:"/get17/install.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ctktravel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617785/; classtype:trojan-activity;sid:84480885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617786)"; flow:established,from_client; content:"GET"; http_method; content:"/files/174733404/pscmiri.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617786/; classtype:trojan-activity;sid:84480886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617784)"; flow:established,from_client; content:"GET"; http_method; content:"/holo.myi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sdfgaasdzx.beer"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617784/; classtype:trojan-activity;sid:84480884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617783)"; flow:established,from_client; content:"GET"; http_method; content:"/get3/update"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ctktravel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617783/; classtype:trojan-activity;sid:84480883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617782)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/zjzkl2r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617782/; classtype:trojan-activity;sid:84480882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617781)"; flow:established,from_client; content:"GET"; http_method; content:"/18.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617781/; classtype:trojan-activity;sid:84480881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.72.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617780/; classtype:trojan-activity;sid:84480880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617779)"; flow:established,from_client; content:"GET"; http_method; content:"/2sz8qgbmrq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.pysywao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617779/; classtype:trojan-activity;sid:84480879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617778/; classtype:trojan-activity;sid:84480878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.119.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617777/; classtype:trojan-activity;sid:84480877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.145.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617776/; classtype:trojan-activity;sid:84480876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.122.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617774/; classtype:trojan-activity;sid:84480874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617775/; classtype:trojan-activity;sid:84480875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.41.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617773/; classtype:trojan-activity;sid:84480873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.145.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617772/; classtype:trojan-activity;sid:84480872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617771/; classtype:trojan-activity;sid:84480871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.111.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617770/; classtype:trojan-activity;sid:84480870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617769/; classtype:trojan-activity;sid:84480869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617768/; classtype:trojan-activity;sid:84480868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617767/; classtype:trojan-activity;sid:84480867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%a1%a5%e4%b8%81/139assicc.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"39.104.81.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617766/; classtype:trojan-activity;sid:84480866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617764)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.172.93.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617764/; classtype:trojan-activity;sid:84480864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617765)"; flow:established,from_client; content:"GET"; http_method; content:"/stub.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.172.93.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617765/; classtype:trojan-activity;sid:84480865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617763/; classtype:trojan-activity;sid:84480863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.219.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617761/; classtype:trojan-activity;sid:84480861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617762)"; flow:established,from_client; content:"GET"; http_method; content:"/bt7w04skho.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617762/; classtype:trojan-activity;sid:84480862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.28.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617760/; classtype:trojan-activity;sid:84480860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617759/; classtype:trojan-activity;sid:84480859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617758/; classtype:trojan-activity;sid:84480858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.219.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617757/; classtype:trojan-activity;sid:84480857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617756)"; flow:established,from_client; content:"GET"; http_method; content:"/84peyck3iv.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617756/; classtype:trojan-activity;sid:84480856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617755/; classtype:trojan-activity;sid:84480855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617754/; classtype:trojan-activity;sid:84480854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.198.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617753/; classtype:trojan-activity;sid:84480853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.213.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617752/; classtype:trojan-activity;sid:84480852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.203.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617751/; classtype:trojan-activity;sid:84480851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617750/; classtype:trojan-activity;sid:84480850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.26.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617749/; classtype:trojan-activity;sid:84480849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617748/; classtype:trojan-activity;sid:84480848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.214.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617747/; classtype:trojan-activity;sid:84480847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617745/; classtype:trojan-activity;sid:84480845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617746/; classtype:trojan-activity;sid:84480846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.134.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617744/; classtype:trojan-activity;sid:84480844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617743/; classtype:trojan-activity;sid:84480843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617742)"; flow:established,from_client; content:"GET"; http_method; content:"/hgksjtwuqq.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617742/; classtype:trojan-activity;sid:84480842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.161.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617741/; classtype:trojan-activity;sid:84480841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.213.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617740/; classtype:trojan-activity;sid:84480840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617739/; classtype:trojan-activity;sid:84480839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617738/; classtype:trojan-activity;sid:84480838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617737/; classtype:trojan-activity;sid:84480837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.5.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617736/; classtype:trojan-activity;sid:84480836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.26.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617735/; classtype:trojan-activity;sid:84480835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.14.236.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617734/; classtype:trojan-activity;sid:84480834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617733)"; flow:established,from_client; content:"GET"; http_method; content:"/3h70s8vl8o.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617733/; classtype:trojan-activity;sid:84480833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.21.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617732/; classtype:trojan-activity;sid:84480832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.181.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617731/; classtype:trojan-activity;sid:84480831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617730/; classtype:trojan-activity;sid:84480830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.171.219.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617729/; classtype:trojan-activity;sid:84480829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.14.236.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617728/; classtype:trojan-activity;sid:84480828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617727/; classtype:trojan-activity;sid:84480827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617726/; classtype:trojan-activity;sid:84480826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.5.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617725/; classtype:trojan-activity;sid:84480825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.181.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617724/; classtype:trojan-activity;sid:84480824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617723/; classtype:trojan-activity;sid:84480823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617722/; classtype:trojan-activity;sid:84480822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.245.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617721/; classtype:trojan-activity;sid:84480821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617720/; classtype:trojan-activity;sid:84480820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617719/; classtype:trojan-activity;sid:84480819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617718)"; flow:established,from_client; content:"GET"; http_method; content:"/nak934ty9b.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617718/; classtype:trojan-activity;sid:84480818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.131.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617717/; classtype:trojan-activity;sid:84480817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.113.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617716/; classtype:trojan-activity;sid:84480816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.195.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617715/; classtype:trojan-activity;sid:84480815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617714/; classtype:trojan-activity;sid:84480814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.29.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617712/; classtype:trojan-activity;sid:84480812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.231.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617713/; classtype:trojan-activity;sid:84480813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.29.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617711/; classtype:trojan-activity;sid:84480811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617710/; classtype:trojan-activity;sid:84480810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.201.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617709/; classtype:trojan-activity;sid:84480809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.131.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617708/; classtype:trojan-activity;sid:84480808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617707)"; flow:established,from_client; content:"GET"; http_method; content:"/fvn3cdbllz.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617707/; classtype:trojan-activity;sid:84480807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617706/; classtype:trojan-activity;sid:84480806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.201.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617705/; classtype:trojan-activity;sid:84480805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617704/; classtype:trojan-activity;sid:84480804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.181.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617702/; classtype:trojan-activity;sid:84480802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.36.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617703/; classtype:trojan-activity;sid:84480803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617701/; classtype:trojan-activity;sid:84480801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.178.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617700/; classtype:trojan-activity;sid:84480800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617699/; classtype:trojan-activity;sid:84480799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617698/; classtype:trojan-activity;sid:84480798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617696)"; flow:established,from_client; content:"GET"; http_method; content:"/ezgw3qgxa3.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617696/; classtype:trojan-activity;sid:84480796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.178.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617697/; classtype:trojan-activity;sid:84480797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.161.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617695/; classtype:trojan-activity;sid:84480795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.38.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617694/; classtype:trojan-activity;sid:84480794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617693/; classtype:trojan-activity;sid:84480793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.196.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617692/; classtype:trojan-activity;sid:84480792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.161.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617691/; classtype:trojan-activity;sid:84480791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.39.131.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617690/; classtype:trojan-activity;sid:84480790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617689/; classtype:trojan-activity;sid:84480789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617688/; classtype:trojan-activity;sid:84480788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.92.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617687/; classtype:trojan-activity;sid:84480787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.201.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617686/; classtype:trojan-activity;sid:84480786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.196.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617685/; classtype:trojan-activity;sid:84480785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.148.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617684/; classtype:trojan-activity;sid:84480784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.17.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617683/; classtype:trojan-activity;sid:84480783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.129.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617682/; classtype:trojan-activity;sid:84480782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.13.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617681/; classtype:trojan-activity;sid:84480781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.228.171.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617680/; classtype:trojan-activity;sid:84480780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617679/; classtype:trojan-activity;sid:84480779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.72.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617678/; classtype:trojan-activity;sid:84480778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.213.156.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617673/; classtype:trojan-activity;sid:84480773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617674/; classtype:trojan-activity;sid:84480774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617675/; classtype:trojan-activity;sid:84480775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.150.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617676/; classtype:trojan-activity;sid:84480776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617677/; classtype:trojan-activity;sid:84480777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.228.171.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617671/; classtype:trojan-activity;sid:84480771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617672/; classtype:trojan-activity;sid:84480772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617670/; classtype:trojan-activity;sid:84480770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.228.171.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617669/; classtype:trojan-activity;sid:84480769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617668/; classtype:trojan-activity;sid:84480768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.145.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617667/; classtype:trojan-activity;sid:84480767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.79.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617666/; classtype:trojan-activity;sid:84480766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.137.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617665/; classtype:trojan-activity;sid:84480765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.92.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617664/; classtype:trojan-activity;sid:84480764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617663/; classtype:trojan-activity;sid:84480763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617662/; classtype:trojan-activity;sid:84480762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.201.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617661/; classtype:trojan-activity;sid:84480761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.16.100.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617660/; classtype:trojan-activity;sid:84480760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.79.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617659/; classtype:trojan-activity;sid:84480759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617658/; classtype:trojan-activity;sid:84480758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617657)"; flow:established,from_client; content:"GET"; http_method; content:"/ps99y3fkvx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617657/; classtype:trojan-activity;sid:84480757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.92.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617655/; classtype:trojan-activity;sid:84480755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.247.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617656/; classtype:trojan-activity;sid:84480756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.44.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617654/; classtype:trojan-activity;sid:84480754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.92.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617653/; classtype:trojan-activity;sid:84480753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617652/; classtype:trojan-activity;sid:84480752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617651)"; flow:established,from_client; content:"GET"; http_method; content:"/9mapn2rrqt.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617651/; classtype:trojan-activity;sid:84480751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.35.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617650/; classtype:trojan-activity;sid:84480750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.33.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617649/; classtype:trojan-activity;sid:84480749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.203.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617648/; classtype:trojan-activity;sid:84480748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.246.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617647/; classtype:trojan-activity;sid:84480747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617646/; classtype:trojan-activity;sid:84480746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617645/; classtype:trojan-activity;sid:84480745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.122.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617644/; classtype:trojan-activity;sid:84480744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.27.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617643/; classtype:trojan-activity;sid:84480743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617642)"; flow:established,from_client; content:"GET"; http_method; content:"/nko71pox73.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617642/; classtype:trojan-activity;sid:84480742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.200.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617641/; classtype:trojan-activity;sid:84480741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617640/; classtype:trojan-activity;sid:84480740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617639/; classtype:trojan-activity;sid:84480739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617638/; classtype:trojan-activity;sid:84480738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617637/; classtype:trojan-activity;sid:84480737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617636/; classtype:trojan-activity;sid:84480736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617635)"; flow:established,from_client; content:"GET"; http_method; content:"/ivke376u6u.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617635/; classtype:trojan-activity;sid:84480735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.27.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617634/; classtype:trojan-activity;sid:84480734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.34.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617633/; classtype:trojan-activity;sid:84480733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.204.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617632/; classtype:trojan-activity;sid:84480732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617631/; classtype:trojan-activity;sid:84480731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.246.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617630/; classtype:trojan-activity;sid:84480730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617629)"; flow:established,from_client; content:"GET"; http_method; content:"/5m6wx8jane.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617629/; classtype:trojan-activity;sid:84480729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.28.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617628/; classtype:trojan-activity;sid:84480728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617627)"; flow:established,from_client; content:"GET"; http_method; content:"/data/01.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.189.161.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617627/; classtype:trojan-activity;sid:84480727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617626)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617626/; classtype:trojan-activity;sid:84480726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617625)"; flow:established,from_client; content:"GET"; http_method; content:"/ccce41b9-e358-4972-b52d-dd1cdbe5f636.msi"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"193.24.123.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617625/; classtype:trojan-activity;sid:84480725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617624)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617624/; classtype:trojan-activity;sid:84480724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617623)"; flow:established,from_client; content:"GET"; http_method; content:"/data/setup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.189.161.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617623/; classtype:trojan-activity;sid:84480723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617622)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/svchvost.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.163.179.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617622/; classtype:trojan-activity;sid:84480722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617620)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617620/; classtype:trojan-activity;sid:84480720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617621)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf%201.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"80.79.6.185"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617621/; classtype:trojan-activity;sid:84480721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617617)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617617/; classtype:trojan-activity;sid:84480717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617618)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617618/; classtype:trojan-activity;sid:84480718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617619)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617619/; classtype:trojan-activity;sid:84480719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617607)"; flow:established,from_client; content:"GET"; http_method; content:"/pemex.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617607/; classtype:trojan-activity;sid:84480707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617608)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617608/; classtype:trojan-activity;sid:84480708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617609)"; flow:established,from_client; content:"GET"; http_method; content:"/111.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617609/; classtype:trojan-activity;sid:84480709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617610)"; flow:established,from_client; content:"GET"; http_method; content:"/data/data.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.189.161.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617610/; classtype:trojan-activity;sid:84480710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617611)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617611/; classtype:trojan-activity;sid:84480711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617612)"; flow:established,from_client; content:"GET"; http_method; content:"/64b.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.79.6.185"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617612/; classtype:trojan-activity;sid:84480712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617613)"; flow:established,from_client; content:"GET"; http_method; content:"/terms.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617613/; classtype:trojan-activity;sid:84480713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617614)"; flow:established,from_client; content:"GET"; http_method; content:"/remcos_a.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"80.79.6.185"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617614/; classtype:trojan-activity;sid:84480714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617615)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/terms.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"85.192.48.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617615/; classtype:trojan-activity;sid:84480715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617616)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617616/; classtype:trojan-activity;sid:84480716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617605)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617605/; classtype:trojan-activity;sid:84480705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617606)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617606/; classtype:trojan-activity;sid:84480706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617603)"; flow:established,from_client; content:"GET"; http_method; content:"/file.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617603/; classtype:trojan-activity;sid:84480703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617604)"; flow:established,from_client; content:"GET"; http_method; content:"/data/go1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.189.161.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617604/; classtype:trojan-activity;sid:84480704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617602)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8350398681/jcyys1g.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617602/; classtype:trojan-activity;sid:84480702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.203.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617601/; classtype:trojan-activity;sid:84480701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617599/; classtype:trojan-activity;sid:84480699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617600/; classtype:trojan-activity;sid:84480700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617598/; classtype:trojan-activity;sid:84480698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617597/; classtype:trojan-activity;sid:84480697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.189.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617596/; classtype:trojan-activity;sid:84480696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.137.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617595/; classtype:trojan-activity;sid:84480695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617594/; classtype:trojan-activity;sid:84480694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617593/; classtype:trojan-activity;sid:84480693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617592/; classtype:trojan-activity;sid:84480692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.99.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617591/; classtype:trojan-activity;sid:84480691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617590)"; flow:established,from_client; content:"GET"; http_method; content:"/2z7ki7y0hs.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617590/; classtype:trojan-activity;sid:84480690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617589/; classtype:trojan-activity;sid:84480689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617588/; classtype:trojan-activity;sid:84480688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617587/; classtype:trojan-activity;sid:84480687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617586/; classtype:trojan-activity;sid:84480686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.117.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617585/; classtype:trojan-activity;sid:84480685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617584/; classtype:trojan-activity;sid:84480684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.203.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617583/; classtype:trojan-activity;sid:84480683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.99.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617582/; classtype:trojan-activity;sid:84480682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.118.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617581/; classtype:trojan-activity;sid:84480681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617580/; classtype:trojan-activity;sid:84480680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.203.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617579/; classtype:trojan-activity;sid:84480679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617578/; classtype:trojan-activity;sid:84480678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617577/; classtype:trojan-activity;sid:84480677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.176.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617576/; classtype:trojan-activity;sid:84480676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617575)"; flow:established,from_client; content:"GET"; http_method; content:"/zukg3zkpkk.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bojyqiy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617575/; classtype:trojan-activity;sid:84480675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.189.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617574/; classtype:trojan-activity;sid:84480674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.246.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617573/; classtype:trojan-activity;sid:84480673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617572/; classtype:trojan-activity;sid:84480672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.203.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617571/; classtype:trojan-activity;sid:84480671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.118.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617570/; classtype:trojan-activity;sid:84480670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617569/; classtype:trojan-activity;sid:84480669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617568/; classtype:trojan-activity;sid:84480668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617567/; classtype:trojan-activity;sid:84480667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617566/; classtype:trojan-activity;sid:84480666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617565)"; flow:established,from_client; content:"GET"; http_method; content:"/7o8cr6cx5s.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bizahao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617565/; classtype:trojan-activity;sid:84480665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617564)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617564/; classtype:trojan-activity;sid:84480664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617562)"; flow:established,from_client; content:"GET"; http_method; content:"/6.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617562/; classtype:trojan-activity;sid:84480662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617563)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617563/; classtype:trojan-activity;sid:84480663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617561)"; flow:established,from_client; content:"GET"; http_method; content:"/ss.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"limitedexchange.cz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617561/; classtype:trojan-activity;sid:84480661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617560)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617560/; classtype:trojan-activity;sid:84480660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617559/; classtype:trojan-activity;sid:84480659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.104.220.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617558/; classtype:trojan-activity;sid:84480658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.165.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617557/; classtype:trojan-activity;sid:84480657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617556/; classtype:trojan-activity;sid:84480656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617555/; classtype:trojan-activity;sid:84480655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/jshozte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617554/; classtype:trojan-activity;sid:84480654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617552)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6560547276/vdgcdqx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617552/; classtype:trojan-activity;sid:84480652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617553)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7919576999/zwfhp43.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617553/; classtype:trojan-activity;sid:84480653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.116.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617551/; classtype:trojan-activity;sid:84480651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.11.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617548/; classtype:trojan-activity;sid:84480648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.28.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617549/; classtype:trojan-activity;sid:84480649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.220.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617550/; classtype:trojan-activity;sid:84480650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.207.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617547/; classtype:trojan-activity;sid:84480647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617546/; classtype:trojan-activity;sid:84480646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617545/; classtype:trojan-activity;sid:84480645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.165.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617544/; classtype:trojan-activity;sid:84480644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.169.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617543/; classtype:trojan-activity;sid:84480643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617542)"; flow:established,from_client; content:"GET"; http_method; content:"/si45m5n0u8.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bizahao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617542/; classtype:trojan-activity;sid:84480642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617541/; classtype:trojan-activity;sid:84480641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617540/; classtype:trojan-activity;sid:84480640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.210.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617539/; classtype:trojan-activity;sid:84480639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.28.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617538/; classtype:trojan-activity;sid:84480638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.11.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617537/; classtype:trojan-activity;sid:84480637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617536/; classtype:trojan-activity;sid:84480636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617535/; classtype:trojan-activity;sid:84480635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617534/; classtype:trojan-activity;sid:84480634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617533/; classtype:trojan-activity;sid:84480633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.210.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617532/; classtype:trojan-activity;sid:84480632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.15.12.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617531/; classtype:trojan-activity;sid:84480631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.184.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617530/; classtype:trojan-activity;sid:84480630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.226.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617529/; classtype:trojan-activity;sid:84480629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.65.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617528/; classtype:trojan-activity;sid:84480628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617526/; classtype:trojan-activity;sid:84480626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617527/; classtype:trojan-activity;sid:84480627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.170.147.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617523/; classtype:trojan-activity;sid:84480623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617524/; classtype:trojan-activity;sid:84480624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.170.147.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617525/; classtype:trojan-activity;sid:84480625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.169.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617522/; classtype:trojan-activity;sid:84480622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.51.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617521/; classtype:trojan-activity;sid:84480621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617520)"; flow:established,from_client; content:"GET"; http_method; content:"/9tnbz5hsxx.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.bizahao.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617520/; classtype:trojan-activity;sid:84480620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.13.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617519/; classtype:trojan-activity;sid:84480619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.187.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617518/; classtype:trojan-activity;sid:84480618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617517/; classtype:trojan-activity;sid:84480617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.207.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617516/; classtype:trojan-activity;sid:84480616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.12.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617515/; classtype:trojan-activity;sid:84480615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617514/; classtype:trojan-activity;sid:84480614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.153.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617513/; classtype:trojan-activity;sid:84480613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.187.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617512/; classtype:trojan-activity;sid:84480612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.178.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617511/; classtype:trojan-activity;sid:84480611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617510/; classtype:trojan-activity;sid:84480610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.63.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617509/; classtype:trojan-activity;sid:84480609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.95.0.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617508/; classtype:trojan-activity;sid:84480608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617507/; classtype:trojan-activity;sid:84480607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617506/; classtype:trojan-activity;sid:84480606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617505/; classtype:trojan-activity;sid:84480605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.163.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617504/; classtype:trojan-activity;sid:84480604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617503)"; flow:established,from_client; content:"GET"; http_method; content:"/4c1oxorjj5.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.jikeqye.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617503/; classtype:trojan-activity;sid:84480603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617502)"; flow:established,from_client; content:"GET"; http_method; content:"/vbpe6suvz9.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.jikeqye.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617502/; classtype:trojan-activity;sid:84480602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617501)"; flow:established,from_client; content:"GET"; http_method; content:"/0o6erfp8he.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.jikeqye.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617501/; classtype:trojan-activity;sid:84480601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617500)"; flow:established,from_client; content:"GET"; http_method; content:"/hzqq4fws9x.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.kogudoo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617500/; classtype:trojan-activity;sid:84480600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617499/; classtype:trojan-activity;sid:84480599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.36.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617498/; classtype:trojan-activity;sid:84480598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.188.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617497/; classtype:trojan-activity;sid:84480597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.250.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617496/; classtype:trojan-activity;sid:84480596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617495/; classtype:trojan-activity;sid:84480595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617494/; classtype:trojan-activity;sid:84480594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.30.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617493/; classtype:trojan-activity;sid:84480593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617492)"; flow:established,from_client; content:"GET"; http_method; content:"/vmriev8jy7.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv.kogudoo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617492/; classtype:trojan-activity;sid:84480592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617491/; classtype:trojan-activity;sid:84480591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.72.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617490/; classtype:trojan-activity;sid:84480590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617489/; classtype:trojan-activity;sid:84480589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617488/; classtype:trojan-activity;sid:84480588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617487)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.130.213.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617487/; classtype:trojan-activity;sid:84480587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.76.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617486/; classtype:trojan-activity;sid:84480586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.36.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617485/; classtype:trojan-activity;sid:84480585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617484/; classtype:trojan-activity;sid:84480584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617483)"; flow:established,from_client; content:"GET"; http_method; content:"/rpbczh04gl.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cv.bezyweo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617483/; classtype:trojan-activity;sid:84480583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617482/; classtype:trojan-activity;sid:84480582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.100.107.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617481/; classtype:trojan-activity;sid:84480581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.165.117.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617480/; classtype:trojan-activity;sid:84480580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.170.147.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617478/; classtype:trojan-activity;sid:84480578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.35.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617479/; classtype:trojan-activity;sid:84480579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.22.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617477/; classtype:trojan-activity;sid:84480577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617476/; classtype:trojan-activity;sid:84480576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617474/; classtype:trojan-activity;sid:84480574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617475/; classtype:trojan-activity;sid:84480575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.121.212.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617473/; classtype:trojan-activity;sid:84480573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.122.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617472/; classtype:trojan-activity;sid:84480572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617470)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617470/; classtype:trojan-activity;sid:84480570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617471/; classtype:trojan-activity;sid:84480571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.231.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617469/; classtype:trojan-activity;sid:84480569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617468/; classtype:trojan-activity;sid:84480568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617466/; classtype:trojan-activity;sid:84480566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.191.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617467/; classtype:trojan-activity;sid:84480567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617465)"; flow:established,from_client; content:"GET"; http_method; content:"/9mvkybpqgn.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cv.bezyweo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617465/; classtype:trojan-activity;sid:84480565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.155.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617463/; classtype:trojan-activity;sid:84480563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.48.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617464/; classtype:trojan-activity;sid:84480564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.206.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617462/; classtype:trojan-activity;sid:84480562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.192.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617461/; classtype:trojan-activity;sid:84480561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.191.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617460/; classtype:trojan-activity;sid:84480560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.206.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617459/; classtype:trojan-activity;sid:84480559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.155.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617458/; classtype:trojan-activity;sid:84480558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.195.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617457/; classtype:trojan-activity;sid:84480557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.214.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617456/; classtype:trojan-activity;sid:84480556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617455)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.54.147.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617455/; classtype:trojan-activity;sid:84480555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.31.126.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617452/; classtype:trojan-activity;sid:84480552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617453)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.109.103.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617453/; classtype:trojan-activity;sid:84480553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.103.46.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617454/; classtype:trojan-activity;sid:84480554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617451)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.77.206.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617451/; classtype:trojan-activity;sid:84480551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617446)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.31.126.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617446/; classtype:trojan-activity;sid:84480546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617447)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.54.107.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617447/; classtype:trojan-activity;sid:84480547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617448)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.54.16.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617448/; classtype:trojan-activity;sid:84480548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617449)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.31.126.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617449/; classtype:trojan-activity;sid:84480549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617450)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.142.152.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617450/; classtype:trojan-activity;sid:84480550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617436)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.54.105.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617436/; classtype:trojan-activity;sid:84480536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.176.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617437/; classtype:trojan-activity;sid:84480537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617438)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3.23.159.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617438/; classtype:trojan-activity;sid:84480538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617439)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.45.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617439/; classtype:trojan-activity;sid:84480539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.198.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617440/; classtype:trojan-activity;sid:84480540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617441)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.109.103.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617441/; classtype:trojan-activity;sid:84480541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617442/; classtype:trojan-activity;sid:84480542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.117.1.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617443/; classtype:trojan-activity;sid:84480543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.169.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617444/; classtype:trojan-activity;sid:84480544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617445)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.77.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617445/; classtype:trojan-activity;sid:84480545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.174.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617435/; classtype:trojan-activity;sid:84480535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.112.49.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617433/; classtype:trojan-activity;sid:84480533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.206.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617434/; classtype:trojan-activity;sid:84480534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.190.187.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617431/; classtype:trojan-activity;sid:84480531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.147.159.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617432/; classtype:trojan-activity;sid:84480532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.161.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617430/; classtype:trojan-activity;sid:84480530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.100.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617428/; classtype:trojan-activity;sid:84480528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.132.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617429/; classtype:trojan-activity;sid:84480529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.77.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617426/; classtype:trojan-activity;sid:84480526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.189.154.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617427/; classtype:trojan-activity;sid:84480527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.128.220.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617425/; classtype:trojan-activity;sid:84480525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.238.59.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617423/; classtype:trojan-activity;sid:84480523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.149.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617424/; classtype:trojan-activity;sid:84480524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.119.134.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617422/; classtype:trojan-activity;sid:84480522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617420/; classtype:trojan-activity;sid:84480520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.93.200.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617421/; classtype:trojan-activity;sid:84480521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.128.239.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617418/; classtype:trojan-activity;sid:84480518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617419)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.88.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617419/; classtype:trojan-activity;sid:84480519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617417)"; flow:established,from_client; content:"GET"; http_method; content:"/u55vw4sdvg.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtg.xajaqoy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617417/; classtype:trojan-activity;sid:84480517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617416)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.162.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617416/; classtype:trojan-activity;sid:84480516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617407)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.41.157.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617407/; classtype:trojan-activity;sid:84480507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617408)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.85.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617408/; classtype:trojan-activity;sid:84480508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617409)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.1.225.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617409/; classtype:trojan-activity;sid:84480509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617410)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.95.124.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617410/; classtype:trojan-activity;sid:84480510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617411)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.185.244.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617411/; classtype:trojan-activity;sid:84480511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617412)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.194.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617412/; classtype:trojan-activity;sid:84480512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617413)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.162.123.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617413/; classtype:trojan-activity;sid:84480513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617414)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.66.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617414/; classtype:trojan-activity;sid:84480514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617415)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.88.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617415/; classtype:trojan-activity;sid:84480515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617402)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.130.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617402/; classtype:trojan-activity;sid:84480502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617403)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.200.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617403/; classtype:trojan-activity;sid:84480503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617404)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.204.179.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617404/; classtype:trojan-activity;sid:84480504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617405)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.235.193.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617405/; classtype:trojan-activity;sid:84480505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617406)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.130.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617406/; classtype:trojan-activity;sid:84480506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617399)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.153.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617399/; classtype:trojan-activity;sid:84480499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617400)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.53.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617400/; classtype:trojan-activity;sid:84480500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617401)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.172.102.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617401/; classtype:trojan-activity;sid:84480501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617398)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.80.56.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617398/; classtype:trojan-activity;sid:84480498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617397)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.169.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617397/; classtype:trojan-activity;sid:84480497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617396)"; flow:established,from_client; content:"GET"; http_method; content:"/tbk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.61.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617396/; classtype:trojan-activity;sid:84480496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.35.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617395/; classtype:trojan-activity;sid:84480495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617394/; classtype:trojan-activity;sid:84480494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.120.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617393/; classtype:trojan-activity;sid:84480493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617392)"; flow:established,from_client; content:"GET"; http_method; content:"/ky3l89i73z.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vd.kygupyy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617392/; classtype:trojan-activity;sid:84480492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.207.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617391/; classtype:trojan-activity;sid:84480491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.251.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617390/; classtype:trojan-activity;sid:84480490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617389)"; flow:established,from_client; content:"GET"; http_method; content:"/s03jvzx3vi.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"svp.lecyfoe.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617389/; classtype:trojan-activity;sid:84480489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617388)"; flow:established,from_client; content:"GET"; http_method; content:"/h0dbp9hiw8.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"svp.lecyfoe.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617388/; classtype:trojan-activity;sid:84480488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.39.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617387/; classtype:trojan-activity;sid:84480487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.207.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617386/; classtype:trojan-activity;sid:84480486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617385/; classtype:trojan-activity;sid:84480485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.251.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617384/; classtype:trojan-activity;sid:84480484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.61.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617383/; classtype:trojan-activity;sid:84480483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617382/; classtype:trojan-activity;sid:84480482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617381/; classtype:trojan-activity;sid:84480481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617380/; classtype:trojan-activity;sid:84480480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617379/; classtype:trojan-activity;sid:84480479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617378)"; flow:established,from_client; content:"GET"; http_method; content:"/gr3hftcd80.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"svp.lecyfoe.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617378/; classtype:trojan-activity;sid:84480478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.117.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617377/; classtype:trojan-activity;sid:84480477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617376)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/po2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617376/; classtype:trojan-activity;sid:84480476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617375)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/tipo%20de%20cambio%20preferncial%20masri%20casa%20de.exe"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617375/; classtype:trojan-activity;sid:84480475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617371)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/specification_93849.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617371/; classtype:trojan-activity;sid:84480471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617372)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/payment.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617372/; classtype:trojan-activity;sid:84480472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617373)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/order.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617373/; classtype:trojan-activity;sid:84480473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617374)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/ddddd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617374/; classtype:trojan-activity;sid:84480474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617370)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/refs/heads/main/ddddd.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617370/; classtype:trojan-activity;sid:84480470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.215.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617369/; classtype:trojan-activity;sid:84480469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617368)"; flow:established,from_client; content:"GET"; http_method; content:"/9gmnigizcr.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"svp.lecyfoe.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617368/; classtype:trojan-activity;sid:84480468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617367/; classtype:trojan-activity;sid:84480467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617366)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617366/; classtype:trojan-activity;sid:84480466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617364)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617364/; classtype:trojan-activity;sid:84480464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617365)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617365/; classtype:trojan-activity;sid:84480465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617363)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617363/; classtype:trojan-activity;sid:84480463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617358/; classtype:trojan-activity;sid:84480458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617359)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617359/; classtype:trojan-activity;sid:84480459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617360)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617360/; classtype:trojan-activity;sid:84480460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617361)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617361/; classtype:trojan-activity;sid:84480461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617362)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"siegeville.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617362/; classtype:trojan-activity;sid:84480462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617346)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.spc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617346/; classtype:trojan-activity;sid:84480446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617347)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617347/; classtype:trojan-activity;sid:84480447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617348)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.x86_64"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617348/; classtype:trojan-activity;sid:84480448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617349)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617349/; classtype:trojan-activity;sid:84480449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617350)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.m68k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617350/; classtype:trojan-activity;sid:84480450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617351)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617351/; classtype:trojan-activity;sid:84480451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617352)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.sh4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617352/; classtype:trojan-activity;sid:84480452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617353)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617353/; classtype:trojan-activity;sid:84480453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617354)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617354/; classtype:trojan-activity;sid:84480454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617355)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617355/; classtype:trojan-activity;sid:84480455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617356)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617356/; classtype:trojan-activity;sid:84480456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617357)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/sora.mips"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617357/; classtype:trojan-activity;sid:84480457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617345)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/0sraxlr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617345/; classtype:trojan-activity;sid:84480445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617344/; classtype:trojan-activity;sid:84480444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617343/; classtype:trojan-activity;sid:84480443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617342/; classtype:trojan-activity;sid:84480442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.247.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617341/; classtype:trojan-activity;sid:84480441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.122.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617339/; classtype:trojan-activity;sid:84480439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.246.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617340/; classtype:trojan-activity;sid:84480440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.26.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617338/; classtype:trojan-activity;sid:84480438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617337/; classtype:trojan-activity;sid:84480437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.35.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617336/; classtype:trojan-activity;sid:84480436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.242.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617335/; classtype:trojan-activity;sid:84480435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.255.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617334/; classtype:trojan-activity;sid:84480434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.26.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617333/; classtype:trojan-activity;sid:84480433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617332/; classtype:trojan-activity;sid:84480432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.100.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617331/; classtype:trojan-activity;sid:84480431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617330/; classtype:trojan-activity;sid:84480430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.73.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617329/; classtype:trojan-activity;sid:84480429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.255.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617328/; classtype:trojan-activity;sid:84480428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.73.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617327/; classtype:trojan-activity;sid:84480427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617326/; classtype:trojan-activity;sid:84480426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617325)"; flow:established,from_client; content:"GET"; http_method; content:"/qyiq1ollhr.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vsa.lalequo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617325/; classtype:trojan-activity;sid:84480425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.140.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617324/; classtype:trojan-activity;sid:84480424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.239.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617323/; classtype:trojan-activity;sid:84480423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617322)"; flow:established,from_client; content:"GET"; http_method; content:"/g1dacocgyw.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vsa.lalequo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617322/; classtype:trojan-activity;sid:84480422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617321/; classtype:trojan-activity;sid:84480421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.165.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617320/; classtype:trojan-activity;sid:84480420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.160.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617319/; classtype:trojan-activity;sid:84480419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.94.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617318/; classtype:trojan-activity;sid:84480418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.160.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617317/; classtype:trojan-activity;sid:84480417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.165.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617316/; classtype:trojan-activity;sid:84480416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617315/; classtype:trojan-activity;sid:84480415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.59.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617314/; classtype:trojan-activity;sid:84480414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617313/; classtype:trojan-activity;sid:84480413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617311)"; flow:established,from_client; content:"GET"; http_method; content:"/9i6y.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"saewh.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617311/; classtype:trojan-activity;sid:84480411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617312)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"saewh.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617312/; classtype:trojan-activity;sid:84480412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617309/; classtype:trojan-activity;sid:84480409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617310/; classtype:trojan-activity;sid:84480410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.239.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617307/; classtype:trojan-activity;sid:84480407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.169.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617308/; classtype:trojan-activity;sid:84480408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617305/; classtype:trojan-activity;sid:84480405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.58.108.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617306/; classtype:trojan-activity;sid:84480406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617304)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.58.113.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617304/; classtype:trojan-activity;sid:84480404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617303)"; flow:established,from_client; content:"GET"; http_method; content:"/and5k/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617303/; classtype:trojan-activity;sid:84480403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617302)"; flow:established,from_client; content:"GET"; http_method; content:"/k7nyj/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617302/; classtype:trojan-activity;sid:84480402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617301)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/878395275960545354/1412795687439040664/vmdocumenots.txt|3f|ex=68ba40c4|7c|26|7c|is=68b8ef44|7c|26|7c|hm=7fba32e9577d667e385dd08cd5bf6b89ccaf85f358236db1d5a83ac37ab3d7d3|7c|26|7c|"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617301/; classtype:trojan-activity;sid:84480401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617300/; classtype:trojan-activity;sid:84480400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617299)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bafybeigflxagpa2wxbiphukkcrhu2tht3rzks6hxtz7vfmlnq2lr6lsrui.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617299/; classtype:trojan-activity;sid:84480399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617298)"; flow:established,from_client; content:"GET"; http_method; content:"/feq5fj5h1q.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617298/; classtype:trojan-activity;sid:84480398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617297)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/vtw9t75yzdivotf67mj7j/gmail2.7z|3f|rlkey=unfdtufke7kq57eatq90x716q|7c|26|7c|st=1vng48uz|7c|26|7c|dl=1"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617297/; classtype:trojan-activity;sid:84480397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tewbhqe4unkfbvtkr8griju64i5vziajroe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617296/; classtype:trojan-activity;sid:84480396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wybqpfagcv7fy6eyiqeeiovs1u9yraar4y"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617295/; classtype:trojan-activity;sid:84480395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wmky9k463uxhoepuorlkvjb2zry3ekcr3h"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617291/; classtype:trojan-activity;sid:84480391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wk3zczkrlgl9niinn1o0867bsyvs7pnsnn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617292/; classtype:trojan-activity;sid:84480392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hq0aflxwulx2cwzgisumvqqkarp1jfntea"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617293/; classtype:trojan-activity;sid:84480393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/24egkcbzpxawecfxuy2xvsfffxvgmsrvvo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617294/; classtype:trojan-activity;sid:84480394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qicu0z0higcnenjjzdpcqutdvvt0b89reoe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617290/; classtype:trojan-activity;sid:84480390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2gc5tb907lwabi0nue5iifuwgjo9yv3wh3"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617289/; classtype:trojan-activity;sid:84480389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/obqkapetgxlwvxepggwx0oydhdvqtulaci"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617288/; classtype:trojan-activity;sid:84480388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617287)"; flow:established,from_client; content:"GET"; http_method; content:"/alluser/big7/system.php|3f|action=get_payload|7c|26|7c|key_id=461710175dafb906"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"api.robquiz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617287/; classtype:trojan-activity;sid:84480387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617286/; classtype:trojan-activity;sid:84480386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617285)"; flow:established,from_client; content:"GET"; http_method; content:"/jgyt3tpsarqmnak.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617285/; classtype:trojan-activity;sid:84480385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617284)"; flow:established,from_client; content:"GET"; http_method; content:"/cfbqjqk3bt4znoq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617284/; classtype:trojan-activity;sid:84480384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617283)"; flow:established,from_client; content:"GET"; http_method; content:"/yqxh3z6wi6r5afg.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617283/; classtype:trojan-activity;sid:84480383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617282)"; flow:established,from_client; content:"GET"; http_method; content:"/test/notepad.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wsbcard.s3.dualstack.us-east-1.amazonaws.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617282/; classtype:trojan-activity;sid:84480382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.220.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617281/; classtype:trojan-activity;sid:84480381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.224.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617280/; classtype:trojan-activity;sid:84480380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.70.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617279/; classtype:trojan-activity;sid:84480379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617278)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7309543463/3v8hcww.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617278/; classtype:trojan-activity;sid:84480378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617277)"; flow:established,from_client; content:"GET"; http_method; content:"/8dkn6tgrqr.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617277/; classtype:trojan-activity;sid:84480377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617276)"; flow:established,from_client; content:"GET"; http_method; content:"/j8ahghtzp969ca/scrdll.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"95.216.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617276/; classtype:trojan-activity;sid:84480376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.66.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617275/; classtype:trojan-activity;sid:84480375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617274/; classtype:trojan-activity;sid:84480374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617273)"; flow:established,from_client; content:"GET"; http_method; content:"/h2/crypto.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617273/; classtype:trojan-activity;sid:84480373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617272)"; flow:established,from_client; content:"GET"; http_method; content:"/carkingly.toc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"serralux.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617272/; classtype:trojan-activity;sid:84480372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.156.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617271/; classtype:trojan-activity;sid:84480371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617270/; classtype:trojan-activity;sid:84480370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617269)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/hqjfyp9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617269/; classtype:trojan-activity;sid:84480369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617268)"; flow:established,from_client; content:"GET"; http_method; content:"/files/174733404/pscmiri.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617268/; classtype:trojan-activity;sid:84480368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617267)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7521979641/gu8pu2k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617267/; classtype:trojan-activity;sid:84480367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.66.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617266/; classtype:trojan-activity;sid:84480366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.156.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617265/; classtype:trojan-activity;sid:84480365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.247.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617264/; classtype:trojan-activity;sid:84480364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617263/; classtype:trojan-activity;sid:84480363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.246.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617262/; classtype:trojan-activity;sid:84480362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.46.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617261/; classtype:trojan-activity;sid:84480361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617260)"; flow:established,from_client; content:"GET"; http_method; content:"/e0qeo3iapw.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617260/; classtype:trojan-activity;sid:84480360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.90.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617259/; classtype:trojan-activity;sid:84480359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617258/; classtype:trojan-activity;sid:84480358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617257/; classtype:trojan-activity;sid:84480357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.220.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617256/; classtype:trojan-activity;sid:84480356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.239.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617255/; classtype:trojan-activity;sid:84480355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617254/; classtype:trojan-activity;sid:84480354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.158.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617253/; classtype:trojan-activity;sid:84480353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617252)"; flow:established,from_client; content:"GET"; http_method; content:"/iep4148s9a.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617252/; classtype:trojan-activity;sid:84480352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617251/; classtype:trojan-activity;sid:84480351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.171.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617250/; classtype:trojan-activity;sid:84480350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617249/; classtype:trojan-activity;sid:84480349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.187.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617248/; classtype:trojan-activity;sid:84480348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617247/; classtype:trojan-activity;sid:84480347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.244.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617246/; classtype:trojan-activity;sid:84480346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.110.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617245/; classtype:trojan-activity;sid:84480345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.170.234.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617244/; classtype:trojan-activity;sid:84480344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617243/; classtype:trojan-activity;sid:84480343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617242)"; flow:established,from_client; content:"GET"; http_method; content:"/cqqwcpksa6.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617242/; classtype:trojan-activity;sid:84480342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617241/; classtype:trojan-activity;sid:84480341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.156.228.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617240/; classtype:trojan-activity;sid:84480340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.58.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617239/; classtype:trojan-activity;sid:84480339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617238)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617238/; classtype:trojan-activity;sid:84480338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617236)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617236/; classtype:trojan-activity;sid:84480336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617237)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617237/; classtype:trojan-activity;sid:84480337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617235)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7599742358/0gitvix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617235/; classtype:trojan-activity;sid:84480335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.155.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617234/; classtype:trojan-activity;sid:84480334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.110.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617233/; classtype:trojan-activity;sid:84480333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.161.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617232/; classtype:trojan-activity;sid:84480332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.58.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617230/; classtype:trojan-activity;sid:84480330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.156.228.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617231/; classtype:trojan-activity;sid:84480331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.44.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617229/; classtype:trojan-activity;sid:84480329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.155.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617228/; classtype:trojan-activity;sid:84480328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.165.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617227/; classtype:trojan-activity;sid:84480327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617226)"; flow:established,from_client; content:"GET"; http_method; content:"/9r81dzpf51.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617226/; classtype:trojan-activity;sid:84480326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617225/; classtype:trojan-activity;sid:84480325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617224)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/vqmidaq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617224/; classtype:trojan-activity;sid:84480324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617223/; classtype:trojan-activity;sid:84480323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617222/; classtype:trojan-activity;sid:84480322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617221)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1540890878/1wqwzs3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617221/; classtype:trojan-activity;sid:84480321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617220)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cdektrak.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617220/; classtype:trojan-activity;sid:84480320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617218)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7599742358/59vtzhu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617218/; classtype:trojan-activity;sid:84480318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617219)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8042875554/exaevs7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617219/; classtype:trojan-activity;sid:84480319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617217/; classtype:trojan-activity;sid:84480317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617216/; classtype:trojan-activity;sid:84480316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617215/; classtype:trojan-activity;sid:84480315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617214)"; flow:established,from_client; content:"GET"; http_method; content:"/9ufgyt730v.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617214/; classtype:trojan-activity;sid:84480314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.14.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617213/; classtype:trojan-activity;sid:84480313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.115.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617212/; classtype:trojan-activity;sid:84480312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617211/; classtype:trojan-activity;sid:84480311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.134.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617210/; classtype:trojan-activity;sid:84480310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617208/; classtype:trojan-activity;sid:84480308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617209/; classtype:trojan-activity;sid:84480309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617207)"; flow:established,from_client; content:"GET"; http_method; content:"/kfm74ht6wu.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617207/; classtype:trojan-activity;sid:84480307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.14.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617206/; classtype:trojan-activity;sid:84480306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617205/; classtype:trojan-activity;sid:84480305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617204)"; flow:established,from_client; content:"GET"; http_method; content:"/a07/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.99.198.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617204/; classtype:trojan-activity;sid:84480304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617203)"; flow:established,from_client; content:"GET"; http_method; content:"/a07/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.189.12.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617203/; classtype:trojan-activity;sid:84480303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617202)"; flow:established,from_client; content:"GET"; http_method; content:"/a07/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"124.248.66.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617202/; classtype:trojan-activity;sid:84480302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617200)"; flow:established,from_client; content:"GET"; http_method; content:"/a07/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.99.198.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617200/; classtype:trojan-activity;sid:84480300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617198)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617198/; classtype:trojan-activity;sid:84480298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617199)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617199/; classtype:trojan-activity;sid:84480299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617197)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617197/; classtype:trojan-activity;sid:84480297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617195)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617195/; classtype:trojan-activity;sid:84480295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617191)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617191/; classtype:trojan-activity;sid:84480291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617192)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617192/; classtype:trojan-activity;sid:84480292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617194)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617194/; classtype:trojan-activity;sid:84480294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617188)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617188/; classtype:trojan-activity;sid:84480288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617180)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617180/; classtype:trojan-activity;sid:84480280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617181)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617181/; classtype:trojan-activity;sid:84480281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617182)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617182/; classtype:trojan-activity;sid:84480282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617183)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617183/; classtype:trojan-activity;sid:84480283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617184)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617184/; classtype:trojan-activity;sid:84480284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617185)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617185/; classtype:trojan-activity;sid:84480285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617186)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617186/; classtype:trojan-activity;sid:84480286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617187)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617187/; classtype:trojan-activity;sid:84480287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617176)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617176/; classtype:trojan-activity;sid:84480276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617177)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617177/; classtype:trojan-activity;sid:84480277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617178)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617178/; classtype:trojan-activity;sid:84480278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617179)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617179/; classtype:trojan-activity;sid:84480279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617172)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617172/; classtype:trojan-activity;sid:84480272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617173)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617173/; classtype:trojan-activity;sid:84480273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617174)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.16.119.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617174/; classtype:trojan-activity;sid:84480274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617175)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/2022%20roma/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.27.189.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617175/; classtype:trojan-activity;sid:84480275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617171/; classtype:trojan-activity;sid:84480271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.134.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617170/; classtype:trojan-activity;sid:84480270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617169/; classtype:trojan-activity;sid:84480269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617168/; classtype:trojan-activity;sid:84480268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617167)"; flow:established,from_client; content:"GET"; http_method; content:"/ftb1urutfc.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617167/; classtype:trojan-activity;sid:84480267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617165)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617165/; classtype:trojan-activity;sid:84480265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617166)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617166/; classtype:trojan-activity;sid:84480266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617164)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617164/; classtype:trojan-activity;sid:84480264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617163)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.160.56.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617163/; classtype:trojan-activity;sid:84480263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617162)"; flow:established,from_client; content:"GET"; http_method; content:"/y04nh7fqwe.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617162/; classtype:trojan-activity;sid:84480262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617157)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617157/; classtype:trojan-activity;sid:84480257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617158)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617158/; classtype:trojan-activity;sid:84480258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617159)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617159/; classtype:trojan-activity;sid:84480259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617160)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617160/; classtype:trojan-activity;sid:84480260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617161)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617161/; classtype:trojan-activity;sid:84480261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617155)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617155/; classtype:trojan-activity;sid:84480255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617156)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617156/; classtype:trojan-activity;sid:84480256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617151)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617151/; classtype:trojan-activity;sid:84480251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617152)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617152/; classtype:trojan-activity;sid:84480252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617153)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617153/; classtype:trojan-activity;sid:84480253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617154)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617154/; classtype:trojan-activity;sid:84480254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617144)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617144/; classtype:trojan-activity;sid:84480244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617145)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617145/; classtype:trojan-activity;sid:84480245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617146)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617146/; classtype:trojan-activity;sid:84480246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617147)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617147/; classtype:trojan-activity;sid:84480247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617148)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617148/; classtype:trojan-activity;sid:84480248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617149)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617149/; classtype:trojan-activity;sid:84480249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617150)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617150/; classtype:trojan-activity;sid:84480250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617132)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617132/; classtype:trojan-activity;sid:84480232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617133)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617133/; classtype:trojan-activity;sid:84480233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617134)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617134/; classtype:trojan-activity;sid:84480234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617135)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617135/; classtype:trojan-activity;sid:84480235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617136)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617136/; classtype:trojan-activity;sid:84480236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617137)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617137/; classtype:trojan-activity;sid:84480237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617138)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617138/; classtype:trojan-activity;sid:84480238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617139)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617139/; classtype:trojan-activity;sid:84480239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617140)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617140/; classtype:trojan-activity;sid:84480240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617141)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617141/; classtype:trojan-activity;sid:84480241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617142)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617142/; classtype:trojan-activity;sid:84480242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617143)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617143/; classtype:trojan-activity;sid:84480243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617130)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617130/; classtype:trojan-activity;sid:84480230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617131)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617131/; classtype:trojan-activity;sid:84480231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617120)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617120/; classtype:trojan-activity;sid:84480220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617121)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617121/; classtype:trojan-activity;sid:84480221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617122)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617122/; classtype:trojan-activity;sid:84480222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617123)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617123/; classtype:trojan-activity;sid:84480223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617124)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617124/; classtype:trojan-activity;sid:84480224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617125)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617125/; classtype:trojan-activity;sid:84480225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617126)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617126/; classtype:trojan-activity;sid:84480226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617127)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617127/; classtype:trojan-activity;sid:84480227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617128)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617128/; classtype:trojan-activity;sid:84480228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617129)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617129/; classtype:trojan-activity;sid:84480229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617104)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617104/; classtype:trojan-activity;sid:84480204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617105)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617105/; classtype:trojan-activity;sid:84480205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617106)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617106/; classtype:trojan-activity;sid:84480206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617107)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617107/; classtype:trojan-activity;sid:84480207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617108)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617108/; classtype:trojan-activity;sid:84480208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617109)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617109/; classtype:trojan-activity;sid:84480209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617110)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617110/; classtype:trojan-activity;sid:84480210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617111)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617111/; classtype:trojan-activity;sid:84480211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617112)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617112/; classtype:trojan-activity;sid:84480212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617113)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617113/; classtype:trojan-activity;sid:84480213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617114)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617114/; classtype:trojan-activity;sid:84480214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617115)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617115/; classtype:trojan-activity;sid:84480215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617116)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617116/; classtype:trojan-activity;sid:84480216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617117)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617117/; classtype:trojan-activity;sid:84480217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617118)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617118/; classtype:trojan-activity;sid:84480218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617119)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617119/; classtype:trojan-activity;sid:84480219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617096)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617096/; classtype:trojan-activity;sid:84480196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617097)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617097/; classtype:trojan-activity;sid:84480197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617098)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617098/; classtype:trojan-activity;sid:84480198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617099)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"drooby.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617099/; classtype:trojan-activity;sid:84480199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617100)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617100/; classtype:trojan-activity;sid:84480200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617101)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617101/; classtype:trojan-activity;sid:84480201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617102)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617102/; classtype:trojan-activity;sid:84480202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617103)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617103/; classtype:trojan-activity;sid:84480203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617095)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617095/; classtype:trojan-activity;sid:84480195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617094)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617094/; classtype:trojan-activity;sid:84480194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617092)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617092/; classtype:trojan-activity;sid:84480192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617093)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617093/; classtype:trojan-activity;sid:84480193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617091)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617091/; classtype:trojan-activity;sid:84480191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617090)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617090/; classtype:trojan-activity;sid:84480190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617089)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617089/; classtype:trojan-activity;sid:84480189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617088)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617088/; classtype:trojan-activity;sid:84480188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617087)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617087/; classtype:trojan-activity;sid:84480187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.158.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617086/; classtype:trojan-activity;sid:84480186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.65.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617083/; classtype:trojan-activity;sid:84480183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.120.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617084/; classtype:trojan-activity;sid:84480184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617085/; classtype:trojan-activity;sid:84480185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617082/; classtype:trojan-activity;sid:84480182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617081)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6421061458/dadh8dx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617081/; classtype:trojan-activity;sid:84480181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617080/; classtype:trojan-activity;sid:84480180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617079/; classtype:trojan-activity;sid:84480179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617077/; classtype:trojan-activity;sid:84480177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617078/; classtype:trojan-activity;sid:84480178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617071/; classtype:trojan-activity;sid:84480171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.163.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617072/; classtype:trojan-activity;sid:84480172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617073/; classtype:trojan-activity;sid:84480173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.96.228.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617074/; classtype:trojan-activity;sid:84480174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.48.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617075/; classtype:trojan-activity;sid:84480175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617076/; classtype:trojan-activity;sid:84480176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.111.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617070/; classtype:trojan-activity;sid:84480170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.181.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617069/; classtype:trojan-activity;sid:84480169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617068)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617068/; classtype:trojan-activity;sid:84480168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617066)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617066/; classtype:trojan-activity;sid:84480166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617067)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617067/; classtype:trojan-activity;sid:84480167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617065)"; flow:established,from_client; content:"GET"; http_method; content:"/1gd27krfrr.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617065/; classtype:trojan-activity;sid:84480165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617064/; classtype:trojan-activity;sid:84480164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.202.246.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617063/; classtype:trojan-activity;sid:84480163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617061)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617061/; classtype:trojan-activity;sid:84480161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617062)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617062/; classtype:trojan-activity;sid:84480162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617059)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617059/; classtype:trojan-activity;sid:84480159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617060)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617060/; classtype:trojan-activity;sid:84480160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617052)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617052/; classtype:trojan-activity;sid:84480152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617053)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617053/; classtype:trojan-activity;sid:84480153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617054)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617054/; classtype:trojan-activity;sid:84480154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617055)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617055/; classtype:trojan-activity;sid:84480155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617056)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617056/; classtype:trojan-activity;sid:84480156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617057)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617057/; classtype:trojan-activity;sid:84480157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617058)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617058/; classtype:trojan-activity;sid:84480158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617041)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617041/; classtype:trojan-activity;sid:84480141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617042/; classtype:trojan-activity;sid:84480142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617043/; classtype:trojan-activity;sid:84480143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617044)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617044/; classtype:trojan-activity;sid:84480144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617045)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617045/; classtype:trojan-activity;sid:84480145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617046)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617046/; classtype:trojan-activity;sid:84480146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617047)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617047/; classtype:trojan-activity;sid:84480147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617048)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617048/; classtype:trojan-activity;sid:84480148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617049)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617049/; classtype:trojan-activity;sid:84480149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617050)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617050/; classtype:trojan-activity;sid:84480150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617051)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617051/; classtype:trojan-activity;sid:84480151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617040)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617040/; classtype:trojan-activity;sid:84480140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617039)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617039/; classtype:trojan-activity;sid:84480139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617038)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.astrodating.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617038/; classtype:trojan-activity;sid:84480138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617037)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"astrodating.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617037/; classtype:trojan-activity;sid:84480137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.4.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617036/; classtype:trojan-activity;sid:84480136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.165.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617035/; classtype:trojan-activity;sid:84480135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617034)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6420889076/i5g2pev.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617034/; classtype:trojan-activity;sid:84480134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.34.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617033/; classtype:trojan-activity;sid:84480133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.14.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617032/; classtype:trojan-activity;sid:84480132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617031)"; flow:established,from_client; content:"GET"; http_method; content:"/alluser/big7/system.php|3f|action=get_payload|7c|26|7c|key_id=a67efd4190cb0893"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"api.robquiz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617031/; classtype:trojan-activity;sid:84480131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617030/; classtype:trojan-activity;sid:84480130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617029/; classtype:trojan-activity;sid:84480129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.14.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617028/; classtype:trojan-activity;sid:84480128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.214.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617027/; classtype:trojan-activity;sid:84480127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617026)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617026/; classtype:trojan-activity;sid:84480126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617023)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617023/; classtype:trojan-activity;sid:84480123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617024)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617024/; classtype:trojan-activity;sid:84480124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617025)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617025/; classtype:trojan-activity;sid:84480125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.34.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617022/; classtype:trojan-activity;sid:84480122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617021/; classtype:trojan-activity;sid:84480121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617020/; classtype:trojan-activity;sid:84480120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.147.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617019/; classtype:trojan-activity;sid:84480119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617018)"; flow:established,from_client; content:"GET"; http_method; content:"/ocpspgr8vy.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617018/; classtype:trojan-activity;sid:84480118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617017/; classtype:trojan-activity;sid:84480117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.209.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617016/; classtype:trojan-activity;sid:84480116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617015/; classtype:trojan-activity;sid:84480115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617014/; classtype:trojan-activity;sid:84480114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617013)"; flow:established,from_client; content:"GET"; http_method; content:"/ghrby3dq0r.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617013/; classtype:trojan-activity;sid:84480113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617012/; classtype:trojan-activity;sid:84480112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617011/; classtype:trojan-activity;sid:84480111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.131.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617010/; classtype:trojan-activity;sid:84480110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617009/; classtype:trojan-activity;sid:84480109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.181.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617008/; classtype:trojan-activity;sid:84480108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.81.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617007/; classtype:trojan-activity;sid:84480107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.145.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617006/; classtype:trojan-activity;sid:84480106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617005/; classtype:trojan-activity;sid:84480105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.147.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617004/; classtype:trojan-activity;sid:84480104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617003)"; flow:established,from_client; content:"GET"; http_method; content:"/rpf6608tpz.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617003/; classtype:trojan-activity;sid:84480103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617002/; classtype:trojan-activity;sid:84480102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.131.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617001/; classtype:trojan-activity;sid:84480101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617000)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/pl014yo4w1q9dnn5t0ny7/dcllegan111.txt|3f|rlkey=xdoz5g1hnnqyqr2wmhzxy8db1|7c|26|7c|st=t5ts7xrb|7c|26|7c|dl=1"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617000/; classtype:trojan-activity;sid:84480100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616999)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/jryqbtegz6hrwcjc9ez6k/peskyfall.txt|3f|rlkey=r1w74lsdyrl5rzvrig5v9ll30|7c|26|7c|st=by3ttlfk|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616999/; classtype:trojan-activity;sid:84480099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616998)"; flow:established,from_client; content:"GET"; http_method; content:"/2dovtm4nv4.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616998/; classtype:trojan-activity;sid:84480098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616997)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/wodfuzrbz0pc7kkc3yl2u/dll.txt|3f|rlkey=erzuh647o5ctzdnc0j1sgw83v|7c|26|7c|st=2st75vf5|7c|26|7c|dl=1"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616997/; classtype:trojan-activity;sid:84480097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616996/; classtype:trojan-activity;sid:84480096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616995/; classtype:trojan-activity;sid:84480095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616994/; classtype:trojan-activity;sid:84480094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616992)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616992/; classtype:trojan-activity;sid:84480092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616993)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sulphite.nechiumousemosit.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616993/; classtype:trojan-activity;sid:84480093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.55.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616991/; classtype:trojan-activity;sid:84480091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.181.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616990/; classtype:trojan-activity;sid:84480090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616989)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/h77a20s.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616989/; classtype:trojan-activity;sid:84480089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616988)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hello/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616988/; classtype:trojan-activity;sid:84480088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616987)"; flow:established,from_client; content:"GET"; http_method; content:"/sjcpyyxp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dhbhs66960.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616987/; classtype:trojan-activity;sid:84480087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616986)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616986/; classtype:trojan-activity;sid:84480086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616981)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8042875554/4uhlr6r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616981/; classtype:trojan-activity;sid:84480081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616982)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6809807338/58iuk6y.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616982/; classtype:trojan-activity;sid:84480082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616983)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6253341961/6rcq0nx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616983/; classtype:trojan-activity;sid:84480083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616984)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/8bhlzjk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616984/; classtype:trojan-activity;sid:84480084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616985)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/kthjckl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616985/; classtype:trojan-activity;sid:84480085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.117.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616980/; classtype:trojan-activity;sid:84480080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616979/; classtype:trojan-activity;sid:84480079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616978/; classtype:trojan-activity;sid:84480078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616977/; classtype:trojan-activity;sid:84480077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.39.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616976/; classtype:trojan-activity;sid:84480076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.117.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616975/; classtype:trojan-activity;sid:84480075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616974/; classtype:trojan-activity;sid:84480074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616973/; classtype:trojan-activity;sid:84480073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.220.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616972/; classtype:trojan-activity;sid:84480072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616971)"; flow:established,from_client; content:"GET"; http_method; content:"/ju5sy3n659.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616971/; classtype:trojan-activity;sid:84480071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616970/; classtype:trojan-activity;sid:84480070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.181.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616969/; classtype:trojan-activity;sid:84480069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616968)"; flow:established,from_client; content:"GET"; http_method; content:"/tftu28pdp3.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616968/; classtype:trojan-activity;sid:84480068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.21.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616967/; classtype:trojan-activity;sid:84480067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.39.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616966/; classtype:trojan-activity;sid:84480066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.239.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616965/; classtype:trojan-activity;sid:84480065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616964)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.90.153.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616964/; classtype:trojan-activity;sid:84480064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616963)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6450557756/6pydede.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616963/; classtype:trojan-activity;sid:84480063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616962)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/zjzkl2r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616962/; classtype:trojan-activity;sid:84480062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616961)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/ddunft9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616961/; classtype:trojan-activity;sid:84480061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616960)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7919576999/mjpczpq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616960/; classtype:trojan-activity;sid:84480060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616959)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8283443171/v5kwytd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616959/; classtype:trojan-activity;sid:84480059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616958/; classtype:trojan-activity;sid:84480058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.90.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616957/; classtype:trojan-activity;sid:84480057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.209.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616956/; classtype:trojan-activity;sid:84480056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616955/; classtype:trojan-activity;sid:84480055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.21.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616954/; classtype:trojan-activity;sid:84480054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616953/; classtype:trojan-activity;sid:84480053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.129.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616952/; classtype:trojan-activity;sid:84480052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.90.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616951/; classtype:trojan-activity;sid:84480051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.1.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616950/; classtype:trojan-activity;sid:84480050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.47.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616949/; classtype:trojan-activity;sid:84480049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616948/; classtype:trojan-activity;sid:84480048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616947/; classtype:trojan-activity;sid:84480047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616946)"; flow:established,from_client; content:"GET"; http_method; content:"/y9anu05l9s.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616946/; classtype:trojan-activity;sid:84480046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.65.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616945/; classtype:trojan-activity;sid:84480045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.185.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616941/; classtype:trojan-activity;sid:84480041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616942/; classtype:trojan-activity;sid:84480042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616943/; classtype:trojan-activity;sid:84480043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.235.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616944/; classtype:trojan-activity;sid:84480044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.247.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616938/; classtype:trojan-activity;sid:84480038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616939/; classtype:trojan-activity;sid:84480039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.108.72.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616940/; classtype:trojan-activity;sid:84480040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.20.228.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616937/; classtype:trojan-activity;sid:84480037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.120.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616933/; classtype:trojan-activity;sid:84480033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.69.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616934/; classtype:trojan-activity;sid:84480034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616935/; classtype:trojan-activity;sid:84480035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.126.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616936/; classtype:trojan-activity;sid:84480036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616931/; classtype:trojan-activity;sid:84480031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616932/; classtype:trojan-activity;sid:84480032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616929/; classtype:trojan-activity;sid:84480029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616930/; classtype:trojan-activity;sid:84480030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.179.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616928/; classtype:trojan-activity;sid:84480028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.186.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616927/; classtype:trojan-activity;sid:84480027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.47.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616926/; classtype:trojan-activity;sid:84480026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.26.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616925/; classtype:trojan-activity;sid:84480025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.208.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616924/; classtype:trojan-activity;sid:84480024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616923/; classtype:trojan-activity;sid:84480023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616922/; classtype:trojan-activity;sid:84480022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616921/; classtype:trojan-activity;sid:84480021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.26.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616920/; classtype:trojan-activity;sid:84480020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.204.135.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616919/; classtype:trojan-activity;sid:84480019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616918/; classtype:trojan-activity;sid:84480018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.187.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616917/; classtype:trojan-activity;sid:84480017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.255.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616916/; classtype:trojan-activity;sid:84480016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616915/; classtype:trojan-activity;sid:84480015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.239.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616914/; classtype:trojan-activity;sid:84480014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616913)"; flow:established,from_client; content:"GET"; http_method; content:"/m1288p47oj.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616913/; classtype:trojan-activity;sid:84480013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616912)"; flow:established,from_client; content:"GET"; http_method; content:"/djra6fxpkz.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616912/; classtype:trojan-activity;sid:84480012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.168.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616911/; classtype:trojan-activity;sid:84480011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.208.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616910/; classtype:trojan-activity;sid:84480010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.255.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616909/; classtype:trojan-activity;sid:84480009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616908)"; flow:established,from_client; content:"GET"; http_method; content:"/cph8xd83k0.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616908/; classtype:trojan-activity;sid:84480008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616907/; classtype:trojan-activity;sid:84480007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616897/; classtype:trojan-activity;sid:84479997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616898/; classtype:trojan-activity;sid:84479998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616899/; classtype:trojan-activity;sid:84479999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616900/; classtype:trojan-activity;sid:84480000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616901)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616901/; classtype:trojan-activity;sid:84480001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616902)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616902/; classtype:trojan-activity;sid:84480002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616903)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616903/; classtype:trojan-activity;sid:84480003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616904)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616904/; classtype:trojan-activity;sid:84480004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616905/; classtype:trojan-activity;sid:84480005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.208.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616906/; classtype:trojan-activity;sid:84480006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616893/; classtype:trojan-activity;sid:84479993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616894/; classtype:trojan-activity;sid:84479994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616895/; classtype:trojan-activity;sid:84479995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616896/; classtype:trojan-activity;sid:84479996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616892)"; flow:established,from_client; content:"GET"; http_method; content:"/gompsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.222.97.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616892/; classtype:trojan-activity;sid:84479992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616891/; classtype:trojan-activity;sid:84479991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616890/; classtype:trojan-activity;sid:84479990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616886)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616886/; classtype:trojan-activity;sid:84479986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616887)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616887/; classtype:trojan-activity;sid:84479987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616888/; classtype:trojan-activity;sid:84479988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616889)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616889/; classtype:trojan-activity;sid:84479989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616884)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616884/; classtype:trojan-activity;sid:84479984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616885)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616885/; classtype:trojan-activity;sid:84479985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616883)"; flow:established,from_client; content:"GET"; http_method; content:"/jc2c4q4kxl.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616883/; classtype:trojan-activity;sid:84479983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.199.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616882/; classtype:trojan-activity;sid:84479982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.61.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616881/; classtype:trojan-activity;sid:84479981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.225.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616880/; classtype:trojan-activity;sid:84479980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616879/; classtype:trojan-activity;sid:84479979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.225.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616878/; classtype:trojan-activity;sid:84479978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616877)"; flow:established,from_client; content:"GET"; http_method; content:"/oiy8fn2jo9.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616877/; classtype:trojan-activity;sid:84479977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.131.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3616876/; classtype:trojan-activity;sid:84479976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.208.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616875/; classtype:trojan-activity;sid:84479975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.61.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616874/; classtype:trojan-activity;sid:84479974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.131.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616873/; classtype:trojan-activity;sid:84479973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.249.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616872/; classtype:trojan-activity;sid:84479972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.123.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616871/; classtype:trojan-activity;sid:84479971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616870/; classtype:trojan-activity;sid:84479970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.249.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616869/; classtype:trojan-activity;sid:84479969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616868/; classtype:trojan-activity;sid:84479968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616867/; classtype:trojan-activity;sid:84479967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616866)"; flow:established,from_client; content:"GET"; http_method; content:"/v8fx696xa8.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616866/; classtype:trojan-activity;sid:84479966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616865/; classtype:trojan-activity;sid:84479965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.30.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616864/; classtype:trojan-activity;sid:84479964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616863)"; flow:established,from_client; content:"GET"; http_method; content:"/0k3x7i8ny0.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616863/; classtype:trojan-activity;sid:84479963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616862/; classtype:trojan-activity;sid:84479962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.95.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616861/; classtype:trojan-activity;sid:84479961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.209.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616860/; classtype:trojan-activity;sid:84479960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.47.139.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616859/; classtype:trojan-activity;sid:84479959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616858/; classtype:trojan-activity;sid:84479958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.100.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616857/; classtype:trojan-activity;sid:84479957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616856)"; flow:established,from_client; content:"GET"; http_method; content:"/t1x4hrxak7.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616856/; classtype:trojan-activity;sid:84479956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616855/; classtype:trojan-activity;sid:84479955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616854/; classtype:trojan-activity;sid:84479954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.236.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616853/; classtype:trojan-activity;sid:84479953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616852/; classtype:trojan-activity;sid:84479952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616851)"; flow:established,from_client; content:"GET"; http_method; content:"/3cqmd38t4w.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616851/; classtype:trojan-activity;sid:84479951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616850/; classtype:trojan-activity;sid:84479950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.131.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616849/; classtype:trojan-activity;sid:84479949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616847)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"louglas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616847/; classtype:trojan-activity;sid:84479947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616848)"; flow:established,from_client; content:"GET"; http_method; content:"/4r2w.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"louglas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616848/; classtype:trojan-activity;sid:84479948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.15.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616846/; classtype:trojan-activity;sid:84479946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.15.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616845/; classtype:trojan-activity;sid:84479945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.24.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616844/; classtype:trojan-activity;sid:84479944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.119.250.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616841/; classtype:trojan-activity;sid:84479941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616842/; classtype:trojan-activity;sid:84479942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616843/; classtype:trojan-activity;sid:84479943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616840)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616840/; classtype:trojan-activity;sid:84479940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.182.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616839/; classtype:trojan-activity;sid:84479939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616838)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616838/; classtype:trojan-activity;sid:84479938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616836/; classtype:trojan-activity;sid:84479936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.200.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616837/; classtype:trojan-activity;sid:84479937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.54.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616835/; classtype:trojan-activity;sid:84479935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.44.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616834/; classtype:trojan-activity;sid:84479934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.80.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616833/; classtype:trojan-activity;sid:84479933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.53.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616832/; classtype:trojan-activity;sid:84479932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.138.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616831/; classtype:trojan-activity;sid:84479931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616830/; classtype:trojan-activity;sid:84479930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616829)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.8.239"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616829/; classtype:trojan-activity;sid:84479929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.249.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616828/; classtype:trojan-activity;sid:84479928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.10.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616827/; classtype:trojan-activity;sid:84479927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.28.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616826/; classtype:trojan-activity;sid:84479926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.44.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616825/; classtype:trojan-activity;sid:84479925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.80.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616824/; classtype:trojan-activity;sid:84479924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.75.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616823/; classtype:trojan-activity;sid:84479923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616820)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"makarovs839.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616820/; classtype:trojan-activity;sid:84479920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616821)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"makarovs839.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616821/; classtype:trojan-activity;sid:84479921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616822)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"makarovs839.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616822/; classtype:trojan-activity;sid:84479922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616819)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"makarovs839.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616819/; classtype:trojan-activity;sid:84479919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616818)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"makarovs839.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616818/; classtype:trojan-activity;sid:84479918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616817/; classtype:trojan-activity;sid:84479917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616816/; classtype:trojan-activity;sid:84479916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616815/; classtype:trojan-activity;sid:84479915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616813/; classtype:trojan-activity;sid:84479913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616814/; classtype:trojan-activity;sid:84479914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616806/; classtype:trojan-activity;sid:84479906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616807/; classtype:trojan-activity;sid:84479907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616808/; classtype:trojan-activity;sid:84479908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616809/; classtype:trojan-activity;sid:84479909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616810/; classtype:trojan-activity;sid:84479910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616811/; classtype:trojan-activity;sid:84479911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616812/; classtype:trojan-activity;sid:84479912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616805/; classtype:trojan-activity;sid:84479905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616800/; classtype:trojan-activity;sid:84479900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616801/; classtype:trojan-activity;sid:84479901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616802/; classtype:trojan-activity;sid:84479902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616803/; classtype:trojan-activity;sid:84479903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616804/; classtype:trojan-activity;sid:84479904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616797/; classtype:trojan-activity;sid:84479897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616798/; classtype:trojan-activity;sid:84479898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616799/; classtype:trojan-activity;sid:84479899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616793/; classtype:trojan-activity;sid:84479893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616794/; classtype:trojan-activity;sid:84479894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616795/; classtype:trojan-activity;sid:84479895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c2.sombras.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616796/; classtype:trojan-activity;sid:84479896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616791/; classtype:trojan-activity;sid:84479891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616792/; classtype:trojan-activity;sid:84479892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616789/; classtype:trojan-activity;sid:84479889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616790/; classtype:trojan-activity;sid:84479890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616785/; classtype:trojan-activity;sid:84479885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616786/; classtype:trojan-activity;sid:84479886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616787/; classtype:trojan-activity;sid:84479887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616788/; classtype:trojan-activity;sid:84479888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616782/; classtype:trojan-activity;sid:84479882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616783/; classtype:trojan-activity;sid:84479883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616784/; classtype:trojan-activity;sid:84479884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616781/; classtype:trojan-activity;sid:84479881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616775/; classtype:trojan-activity;sid:84479875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616776/; classtype:trojan-activity;sid:84479876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616777/; classtype:trojan-activity;sid:84479877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616778/; classtype:trojan-activity;sid:84479878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616779/; classtype:trojan-activity;sid:84479879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616780/; classtype:trojan-activity;sid:84479880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616774/; classtype:trojan-activity;sid:84479874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scan.sombras.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616773/; classtype:trojan-activity;sid:84479873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616772)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"205.185.118.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616772/; classtype:trojan-activity;sid:84479872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616765/; classtype:trojan-activity;sid:84479865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616766/; classtype:trojan-activity;sid:84479866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616767/; classtype:trojan-activity;sid:84479867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616768)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616768/; classtype:trojan-activity;sid:84479868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616769/; classtype:trojan-activity;sid:84479869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616770/; classtype:trojan-activity;sid:84479870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616771)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"205.185.118.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616771/; classtype:trojan-activity;sid:84479871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616760)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616760/; classtype:trojan-activity;sid:84479860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616761/; classtype:trojan-activity;sid:84479861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616762/; classtype:trojan-activity;sid:84479862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616763/; classtype:trojan-activity;sid:84479863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616764)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"194.102.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616764/; classtype:trojan-activity;sid:84479864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616743)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616743/; classtype:trojan-activity;sid:84479843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616744/; classtype:trojan-activity;sid:84479844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616745/; classtype:trojan-activity;sid:84479845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616746/; classtype:trojan-activity;sid:84479846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616747/; classtype:trojan-activity;sid:84479847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616748/; classtype:trojan-activity;sid:84479848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616749/; classtype:trojan-activity;sid:84479849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616750/; classtype:trojan-activity;sid:84479850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616751/; classtype:trojan-activity;sid:84479851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616752/; classtype:trojan-activity;sid:84479852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616753/; classtype:trojan-activity;sid:84479853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616754)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.23.183.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616754/; classtype:trojan-activity;sid:84479854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616755/; classtype:trojan-activity;sid:84479855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616756)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.23.183.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616756/; classtype:trojan-activity;sid:84479856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616757)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.102.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616757/; classtype:trojan-activity;sid:84479857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616758)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.23.183.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616758/; classtype:trojan-activity;sid:84479858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616759/; classtype:trojan-activity;sid:84479859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616741/; classtype:trojan-activity;sid:84479841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.42.241.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616742/; classtype:trojan-activity;sid:84479842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616739)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616739/; classtype:trojan-activity;sid:84479839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616740)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.225.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616740/; classtype:trojan-activity;sid:84479840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.141.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616738/; classtype:trojan-activity;sid:84479838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.215.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616737/; classtype:trojan-activity;sid:84479837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.137.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616736/; classtype:trojan-activity;sid:84479836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616735)"; flow:established,from_client; content:"GET"; http_method; content:"/bx024gy1cd.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616735/; classtype:trojan-activity;sid:84479835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.249.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616734/; classtype:trojan-activity;sid:84479834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.141.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616733/; classtype:trojan-activity;sid:84479833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.137.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616732/; classtype:trojan-activity;sid:84479832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.215.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616731/; classtype:trojan-activity;sid:84479831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616730)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616730/; classtype:trojan-activity;sid:84479830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.253.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616729/; classtype:trojan-activity;sid:84479829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616728)"; flow:established,from_client; content:"GET"; http_method; content:"/dv0qeuyb50.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616728/; classtype:trojan-activity;sid:84479828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.112.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616727/; classtype:trojan-activity;sid:84479827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.253.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616726/; classtype:trojan-activity;sid:84479826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616725)"; flow:established,from_client; content:"GET"; http_method; content:"/2mszfsxad4.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616725/; classtype:trojan-activity;sid:84479825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616724/; classtype:trojan-activity;sid:84479824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.198.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616723/; classtype:trojan-activity;sid:84479823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.213.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616722/; classtype:trojan-activity;sid:84479822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.202.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616721/; classtype:trojan-activity;sid:84479821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616720)"; flow:established,from_client; content:"GET"; http_method; content:"/file/v209update.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"upsinf.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616720/; classtype:trojan-activity;sid:84479820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.130.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616719/; classtype:trojan-activity;sid:84479819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616718)"; flow:established,from_client; content:"GET"; http_method; content:"/gwizckb129.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"petrotecmx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616718/; classtype:trojan-activity;sid:84479818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616717)"; flow:established,from_client; content:"GET"; http_method; content:"/kortblgemodtagernes.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"petrotecmx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616717/; classtype:trojan-activity;sid:84479817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616716)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=wedconvertedfile.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bafybeifelz34aerc4afiegvichmsn6frsheuhun3fsbrdzbbicm4zyhhtu.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616716/; classtype:trojan-activity;sid:84479816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616715)"; flow:established,from_client; content:"GET"; http_method; content:"/newdroidconvertedfile.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"192.3.177.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616715/; classtype:trojan-activity;sid:84479815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616714)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/878395275960545354/1412795687439040664/vmdocumenots.txt|3f|ex=68b99804|7c|26|7c|is=68b84684|7c|26|7c|hm=95019ae7a1a4d04f69251ea7c08489dad68962e867eb83a66a19c60787a5325a|7c|26|7c|"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616714/; classtype:trojan-activity;sid:84479814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616713)"; flow:established,from_client; content:"GET"; http_method; content:"/9790ne5qjc.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616713/; classtype:trojan-activity;sid:84479813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.73.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616712/; classtype:trojan-activity;sid:84479812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.213.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616711/; classtype:trojan-activity;sid:84479811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616710/; classtype:trojan-activity;sid:84479810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616709/; classtype:trojan-activity;sid:84479809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616708)"; flow:established,from_client; content:"GET"; http_method; content:"/screensetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"88.214.50.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616708/; classtype:trojan-activity;sid:84479808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616707)"; flow:established,from_client; content:"GET"; http_method; content:"/syncai.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"88.214.50.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616707/; classtype:trojan-activity;sid:84479807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616706)"; flow:established,from_client; content:"GET"; http_method; content:"/huier.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.21.189.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616706/; classtype:trojan-activity;sid:84479806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616704)"; flow:established,from_client; content:"GET"; http_method; content:"/openaisync.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"88.214.50.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616704/; classtype:trojan-activity;sid:84479804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616705)"; flow:established,from_client; content:"GET"; http_method; content:"/syncclient.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"88.214.50.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616705/; classtype:trojan-activity;sid:84479805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616703/; classtype:trojan-activity;sid:84479803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616702/; classtype:trojan-activity;sid:84479802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.43.100.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616701/; classtype:trojan-activity;sid:84479801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616699)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1096908824/bghcllc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616699/; classtype:trojan-activity;sid:84479799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616700)"; flow:established,from_client; content:"GET"; http_method; content:"/docssign3.1.7.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pub-2e5d60f1a1274566a84d94e283a3b5ab.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616700/; classtype:trojan-activity;sid:84479800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616698)"; flow:established,from_client; content:"GET"; http_method; content:"/prepare_answer.php"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"80.71.229.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616698/; classtype:trojan-activity;sid:84479798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616697)"; flow:established,from_client; content:"GET"; http_method; content:"/test/image_00102pdf.z"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"estartem.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616697/; classtype:trojan-activity;sid:84479797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616696)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/yq8vgfv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616696/; classtype:trojan-activity;sid:84479796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616695)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1780425535/urbip6x.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616695/; classtype:trojan-activity;sid:84479795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.73.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616694/; classtype:trojan-activity;sid:84479794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.73.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616693/; classtype:trojan-activity;sid:84479793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.56.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616692/; classtype:trojan-activity;sid:84479792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616691/; classtype:trojan-activity;sid:84479791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616690)"; flow:established,from_client; content:"GET"; http_method; content:"/zq5vunzol2.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616690/; classtype:trojan-activity;sid:84479790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.198.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616689/; classtype:trojan-activity;sid:84479789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.68.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616688/; classtype:trojan-activity;sid:84479788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.158.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616687/; classtype:trojan-activity;sid:84479787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.35.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616686/; classtype:trojan-activity;sid:84479786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616685/; classtype:trojan-activity;sid:84479785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616684/; classtype:trojan-activity;sid:84479784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.68.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616683/; classtype:trojan-activity;sid:84479783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.7.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616682/; classtype:trojan-activity;sid:84479782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.158.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616681/; classtype:trojan-activity;sid:84479781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.63.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616680/; classtype:trojan-activity;sid:84479780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.197.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616679/; classtype:trojan-activity;sid:84479779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.221.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616677/; classtype:trojan-activity;sid:84479777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.72.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616678/; classtype:trojan-activity;sid:84479778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616676)"; flow:established,from_client; content:"GET"; http_method; content:"/4ltc3qn6o3.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616676/; classtype:trojan-activity;sid:84479776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616675/; classtype:trojan-activity;sid:84479775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.205.30.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616674/; classtype:trojan-activity;sid:84479774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.159.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616673/; classtype:trojan-activity;sid:84479773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.98.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616672/; classtype:trojan-activity;sid:84479772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.175.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616671/; classtype:trojan-activity;sid:84479771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616670)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616670/; classtype:trojan-activity;sid:84479770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.30.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616669/; classtype:trojan-activity;sid:84479769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.197.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616668/; classtype:trojan-activity;sid:84479768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616666)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616666/; classtype:trojan-activity;sid:84479766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616667)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616667/; classtype:trojan-activity;sid:84479767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616664)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616664/; classtype:trojan-activity;sid:84479764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616665)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.217.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616665/; classtype:trojan-activity;sid:84479765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616663/; classtype:trojan-activity;sid:84479763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616662/; classtype:trojan-activity;sid:84479762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.74.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616661/; classtype:trojan-activity;sid:84479761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.98.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616660/; classtype:trojan-activity;sid:84479760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.247.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616659/; classtype:trojan-activity;sid:84479759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616658)"; flow:established,from_client; content:"GET"; http_method; content:"/9z42bylhej.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"it.fobiweu2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616658/; classtype:trojan-activity;sid:84479758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616657)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616657/; classtype:trojan-activity;sid:84479757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.175.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616656/; classtype:trojan-activity;sid:84479756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.74.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616655/; classtype:trojan-activity;sid:84479755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616652)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616652/; classtype:trojan-activity;sid:84479752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616653)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616653/; classtype:trojan-activity;sid:84479753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616654)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616654/; classtype:trojan-activity;sid:84479754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616651)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616651/; classtype:trojan-activity;sid:84479751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616646)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616646/; classtype:trojan-activity;sid:84479746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616647)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616647/; classtype:trojan-activity;sid:84479747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616648)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616648/; classtype:trojan-activity;sid:84479748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616649)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616649/; classtype:trojan-activity;sid:84479749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616650)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"74.48.84.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616650/; classtype:trojan-activity;sid:84479750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616645/; classtype:trojan-activity;sid:84479745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616644/; classtype:trojan-activity;sid:84479744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616643/; classtype:trojan-activity;sid:84479743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616642/; classtype:trojan-activity;sid:84479742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.247.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616641/; classtype:trojan-activity;sid:84479741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616640/; classtype:trojan-activity;sid:84479740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.39.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616639/; classtype:trojan-activity;sid:84479739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.14.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616637/; classtype:trojan-activity;sid:84479737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.78.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616638/; classtype:trojan-activity;sid:84479738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616636/; classtype:trojan-activity;sid:84479736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.190.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616635/; classtype:trojan-activity;sid:84479735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.182.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616634/; classtype:trojan-activity;sid:84479734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.172.111.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616633/; classtype:trojan-activity;sid:84479733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.56.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616632/; classtype:trojan-activity;sid:84479732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.141.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616631/; classtype:trojan-activity;sid:84479731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616630/; classtype:trojan-activity;sid:84479730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.14.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616629/; classtype:trojan-activity;sid:84479729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.207.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616628/; classtype:trojan-activity;sid:84479728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.56.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616627/; classtype:trojan-activity;sid:84479727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616626/; classtype:trojan-activity;sid:84479726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616625/; classtype:trojan-activity;sid:84479725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616624/; classtype:trojan-activity;sid:84479724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616623/; classtype:trojan-activity;sid:84479723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616620/; classtype:trojan-activity;sid:84479720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616621/; classtype:trojan-activity;sid:84479721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616622/; classtype:trojan-activity;sid:84479722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616618/; classtype:trojan-activity;sid:84479718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616619/; classtype:trojan-activity;sid:84479719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.207.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616617/; classtype:trojan-activity;sid:84479717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616616/; classtype:trojan-activity;sid:84479716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616615)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8267769173/fsjlnry.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616615/; classtype:trojan-activity;sid:84479715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.100.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616614/; classtype:trojan-activity;sid:84479714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616613/; classtype:trojan-activity;sid:84479713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.236.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616612/; classtype:trojan-activity;sid:84479712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.34.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616611/; classtype:trojan-activity;sid:84479711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.218.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616610/; classtype:trojan-activity;sid:84479710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616609/; classtype:trojan-activity;sid:84479709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616608)"; flow:established,from_client; content:"GET"; http_method; content:"/files/doxxer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"thatdimensionalwebsite.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616608/; classtype:trojan-activity;sid:84479708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.172.111.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616607/; classtype:trojan-activity;sid:84479707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616606)"; flow:established,from_client; content:"GET"; http_method; content:"/de/rechnung%205605355625.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"deadly-fascinating-along-staying.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616606/; classtype:trojan-activity;sid:84479706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616605)"; flow:established,from_client; content:"GET"; http_method; content:"/st.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.21.189.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616605/; classtype:trojan-activity;sid:84479705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616604)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1940906502/xsidr7s.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616604/; classtype:trojan-activity;sid:84479704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.37.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616603/; classtype:trojan-activity;sid:84479703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.21.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616601/; classtype:trojan-activity;sid:84479701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.193.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616602/; classtype:trojan-activity;sid:84479702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.37.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616600/; classtype:trojan-activity;sid:84479700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.179.249.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616599/; classtype:trojan-activity;sid:84479699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616598/; classtype:trojan-activity;sid:84479698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616597)"; flow:established,from_client; content:"GET"; http_method; content:"/cwv4dnssg6.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616597/; classtype:trojan-activity;sid:84479697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616596/; classtype:trojan-activity;sid:84479696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.208.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616595/; classtype:trojan-activity;sid:84479695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.172.111.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616594/; classtype:trojan-activity;sid:84479694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616593)"; flow:established,from_client; content:"GET"; http_method; content:"/wlbsctrl.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.220.93.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616593/; classtype:trojan-activity;sid:84479693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616592)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.93.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616592/; classtype:trojan-activity;sid:84479692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616591)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"52.128.225.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616591/; classtype:trojan-activity;sid:84479691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616589)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"52.128.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616589/; classtype:trojan-activity;sid:84479689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616590)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"52.128.225.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616590/; classtype:trojan-activity;sid:84479690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616587)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"52.128.225.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616587/; classtype:trojan-activity;sid:84479687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616588)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"52.128.225.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616588/; classtype:trojan-activity;sid:84479688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.37.19.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616586/; classtype:trojan-activity;sid:84479686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616585)"; flow:established,from_client; content:"GET"; http_method; content:"/eey4ry86xa.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616585/; classtype:trojan-activity;sid:84479685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.134.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616584/; classtype:trojan-activity;sid:84479684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.87.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616583/; classtype:trojan-activity;sid:84479683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.181.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616582/; classtype:trojan-activity;sid:84479682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.161.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616581/; classtype:trojan-activity;sid:84479681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.99.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616580/; classtype:trojan-activity;sid:84479680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.37.19.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616578/; classtype:trojan-activity;sid:84479678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616579/; classtype:trojan-activity;sid:84479679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.245.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616577/; classtype:trojan-activity;sid:84479677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616576)"; flow:established,from_client; content:"GET"; http_method; content:"/l0xbzrtftx.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616576/; classtype:trojan-activity;sid:84479676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.87.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616575/; classtype:trojan-activity;sid:84479675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.92.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616574/; classtype:trojan-activity;sid:84479674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616573/; classtype:trojan-activity;sid:84479673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.245.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616572/; classtype:trojan-activity;sid:84479672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.99.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616571/; classtype:trojan-activity;sid:84479671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616570)"; flow:established,from_client; content:"GET"; http_method; content:"/dhlserver.com"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.241.252.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616570/; classtype:trojan-activity;sid:84479670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616568)"; flow:established,from_client; content:"GET"; http_method; content:"/dhlserver.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.241.252.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616568/; classtype:trojan-activity;sid:84479668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616569)"; flow:established,from_client; content:"GET"; http_method; content:"/dhlserver.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.241.252.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616569/; classtype:trojan-activity;sid:84479669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616567/; classtype:trojan-activity;sid:84479667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616566)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7958782646/u7oae8v.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616566/; classtype:trojan-activity;sid:84479666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.204.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616565/; classtype:trojan-activity;sid:84479665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616564)"; flow:established,from_client; content:"GET"; http_method; content:"/28hyz2dfmb.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616564/; classtype:trojan-activity;sid:84479664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616563)"; flow:established,from_client; content:"GET"; http_method; content:"/download-cookies"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"82.22.200.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616563/; classtype:trojan-activity;sid:84479663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616562/; classtype:trojan-activity;sid:84479662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616561/; classtype:trojan-activity;sid:84479661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616560)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.245.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616560/; classtype:trojan-activity;sid:84479660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616559)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1096908824/d92glfn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616559/; classtype:trojan-activity;sid:84479659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.49.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616558/; classtype:trojan-activity;sid:84479658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.44.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616557/; classtype:trojan-activity;sid:84479657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.96.228.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616556/; classtype:trojan-activity;sid:84479656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616555)"; flow:established,from_client; content:"GET"; http_method; content:"/hodhbqgfzf.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616555/; classtype:trojan-activity;sid:84479655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616553)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616553/; classtype:trojan-activity;sid:84479653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616554)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616554/; classtype:trojan-activity;sid:84479654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616552)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616552/; classtype:trojan-activity;sid:84479652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616551)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616551/; classtype:trojan-activity;sid:84479651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616550)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616550/; classtype:trojan-activity;sid:84479650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616549)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616549/; classtype:trojan-activity;sid:84479649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616546)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616546/; classtype:trojan-activity;sid:84479646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616547)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616547/; classtype:trojan-activity;sid:84479647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616548)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616548/; classtype:trojan-activity;sid:84479648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616545)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616545/; classtype:trojan-activity;sid:84479645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616544)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616544/; classtype:trojan-activity;sid:84479644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616542)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616542/; classtype:trojan-activity;sid:84479642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616543)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616543/; classtype:trojan-activity;sid:84479643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616538)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616538/; classtype:trojan-activity;sid:84479638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616539)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616539/; classtype:trojan-activity;sid:84479639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616540)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616540/; classtype:trojan-activity;sid:84479640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616541)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616541/; classtype:trojan-activity;sid:84479641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616534)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616534/; classtype:trojan-activity;sid:84479634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616535/; classtype:trojan-activity;sid:84479635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616536)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616536/; classtype:trojan-activity;sid:84479636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616537)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616537/; classtype:trojan-activity;sid:84479637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616531)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616531/; classtype:trojan-activity;sid:84479631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616532)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616532/; classtype:trojan-activity;sid:84479632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616533)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616533/; classtype:trojan-activity;sid:84479633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.208.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616530/; classtype:trojan-activity;sid:84479630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616529/; classtype:trojan-activity;sid:84479629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616528/; classtype:trojan-activity;sid:84479628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.86.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616527/; classtype:trojan-activity;sid:84479627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616526)"; flow:established,from_client; content:"GET"; http_method; content:"/kas/moat.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.8.19.43"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616526/; classtype:trojan-activity;sid:84479626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616525)"; flow:established,from_client; content:"GET"; http_method; content:"/p6sdjrssrroxwds.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616525/; classtype:trojan-activity;sid:84479625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616524)"; flow:established,from_client; content:"GET"; http_method; content:"/so4nik/capacity.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"146.185.239.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616524/; classtype:trojan-activity;sid:84479624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616523)"; flow:established,from_client; content:"GET"; http_method; content:"/juewrcuhjwqb2os.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616523/; classtype:trojan-activity;sid:84479623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616522)"; flow:established,from_client; content:"GET"; http_method; content:"/nutu2glnqodbsbz.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616522/; classtype:trojan-activity;sid:84479622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616521)"; flow:established,from_client; content:"GET"; http_method; content:"/comer.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"starmanx.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616521/; classtype:trojan-activity;sid:84479621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616520)"; flow:established,from_client; content:"GET"; http_method; content:"/sildestimen.pfb"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"starmanx.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616520/; classtype:trojan-activity;sid:84479620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.243.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616519/; classtype:trojan-activity;sid:84479619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616517)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756255257_3151.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616517/; classtype:trojan-activity;sid:84479617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616518)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754509817_3767.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616518/; classtype:trojan-activity;sid:84479618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616515)"; flow:established,from_client; content:"GET"; http_method; content:"/nfsqeklbni_04/03.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616515/; classtype:trojan-activity;sid:84479615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616516)"; flow:established,from_client; content:"GET"; http_method; content:"/366/verygreatwaygtogivebestnoticingoptional.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"209.59.168.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616516/; classtype:trojan-activity;sid:84479616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616509)"; flow:established,from_client; content:"GET"; http_method; content:"/5wemhkc19lctn40.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616509/; classtype:trojan-activity;sid:84479609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wun0109.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"iliclaw.yunethosting.rs"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616510/; classtype:trojan-activity;sid:84479610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616511)"; flow:established,from_client; content:"GET"; http_method; content:"/pure/yoqza.dat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"primeline.it.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616511/; classtype:trojan-activity;sid:84479611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616512)"; flow:established,from_client; content:"GET"; http_method; content:"/pure/cbeius.vdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"primeline.it.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616512/; classtype:trojan-activity;sid:84479612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616513)"; flow:established,from_client; content:"GET"; http_method; content:"/pure/aleplu.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"primeline.it.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616513/; classtype:trojan-activity;sid:84479613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616514)"; flow:established,from_client; content:"GET"; http_method; content:"/pure/ydfouol.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"primeline.it.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616514/; classtype:trojan-activity;sid:84479614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616505)"; flow:established,from_client; content:"GET"; http_method; content:"/9hadpm6ubabjxpk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616505/; classtype:trojan-activity;sid:84479605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616506)"; flow:established,from_client; content:"GET"; http_method; content:"/mondayfiledloiddarkcloudxscript.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"192.3.177.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616506/; classtype:trojan-activity;sid:84479606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616507)"; flow:established,from_client; content:"GET"; http_method; content:"/dhhleeobib.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616507/; classtype:trojan-activity;sid:84479607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616508)"; flow:established,from_client; content:"GET"; http_method; content:"/mondayscript.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616508/; classtype:trojan-activity;sid:84479608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616503)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753965096_3660.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616503/; classtype:trojan-activity;sid:84479603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616504)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756707274_7659.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616504/; classtype:trojan-activity;sid:84479604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616502)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756702489_2472.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616502/; classtype:trojan-activity;sid:84479602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616500)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755174268_1676.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616500/; classtype:trojan-activity;sid:84479600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616501)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756844115_8075.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616501/; classtype:trojan-activity;sid:84479601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616498)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754416190_6133.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616498/; classtype:trojan-activity;sid:84479598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616499)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755500176_4255.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616499/; classtype:trojan-activity;sid:84479599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616492)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753374248_4566.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616492/; classtype:trojan-activity;sid:84479592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616493)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755193509_7340.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616493/; classtype:trojan-activity;sid:84479593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616494)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753631990_6650.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616494/; classtype:trojan-activity;sid:84479594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616495)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755016836_9369.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616495/; classtype:trojan-activity;sid:84479595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616496)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755055649_6264.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616496/; classtype:trojan-activity;sid:84479596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616497)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753451526_3519.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616497/; classtype:trojan-activity;sid:84479597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616484)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754405551_2119.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616484/; classtype:trojan-activity;sid:84479584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616485)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756794760_2235.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616485/; classtype:trojan-activity;sid:84479585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616486)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753699647_2042.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616486/; classtype:trojan-activity;sid:84479586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616487)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754997112_2834.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616487/; classtype:trojan-activity;sid:84479587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616488)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756148290_5222.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616488/; classtype:trojan-activity;sid:84479588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616489)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754506592_9090.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616489/; classtype:trojan-activity;sid:84479589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616490)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756507092_3159.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616490/; classtype:trojan-activity;sid:84479590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616491)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756667052_4445.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616491/; classtype:trojan-activity;sid:84479591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616481)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754662201_3749.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616481/; classtype:trojan-activity;sid:84479581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616482)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755143540_6281.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616482/; classtype:trojan-activity;sid:84479582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616483)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754684943_2072.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616483/; classtype:trojan-activity;sid:84479583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616476)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753126055_1297.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616476/; classtype:trojan-activity;sid:84479576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616477)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753297637_8850.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616477/; classtype:trojan-activity;sid:84479577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616478)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756482309_5651.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616478/; classtype:trojan-activity;sid:84479578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616479)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755706999_4705.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616479/; classtype:trojan-activity;sid:84479579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616480)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754492607_5376.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616480/; classtype:trojan-activity;sid:84479580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616475)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754491409_8770.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616475/; classtype:trojan-activity;sid:84479575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616467)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753344203_2158.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616467/; classtype:trojan-activity;sid:84479567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616468)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754491761_9536.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616468/; classtype:trojan-activity;sid:84479568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616469)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756761120_7478.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616469/; classtype:trojan-activity;sid:84479569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616470)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755124208_1190.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616470/; classtype:trojan-activity;sid:84479570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616471)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755886034_2571.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616471/; classtype:trojan-activity;sid:84479571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616472)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753344693_2005.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616472/; classtype:trojan-activity;sid:84479572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616473)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754664955_6277.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616473/; classtype:trojan-activity;sid:84479573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616474)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755830064_2181.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616474/; classtype:trojan-activity;sid:84479574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616465)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756795771_1338.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616465/; classtype:trojan-activity;sid:84479565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616466)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754868662_7635.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616466/; classtype:trojan-activity;sid:84479566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616463)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755123793_4371.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616463/; classtype:trojan-activity;sid:84479563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616464)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754088101_1219.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616464/; classtype:trojan-activity;sid:84479564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616461)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755274748_1450.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616461/; classtype:trojan-activity;sid:84479561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616462)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/buildd.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616462/; classtype:trojan-activity;sid:84479562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616459)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753451430_8856.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616459/; classtype:trojan-activity;sid:84479559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616460)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755174372_3789.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616460/; classtype:trojan-activity;sid:84479560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616458)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755106056_4523.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616458/; classtype:trojan-activity;sid:84479558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616452)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755262246_7419.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616452/; classtype:trojan-activity;sid:84479552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616453)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756135324_9185.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616453/; classtype:trojan-activity;sid:84479553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616454)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754495298_5279.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616454/; classtype:trojan-activity;sid:84479554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616455)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756695103_7922.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616455/; classtype:trojan-activity;sid:84479555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616456)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756543837_3049.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616456/; classtype:trojan-activity;sid:84479556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616457)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756790159_6964.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616457/; classtype:trojan-activity;sid:84479557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616448)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753908043_6565.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616448/; classtype:trojan-activity;sid:84479548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616449)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755124354_3028.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616449/; classtype:trojan-activity;sid:84479549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616450)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754972912_6297.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616450/; classtype:trojan-activity;sid:84479550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616451)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755105142_7182.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616451/; classtype:trojan-activity;sid:84479551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616444)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754333579_3934.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616444/; classtype:trojan-activity;sid:84479544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616445)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756239286_8472.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616445/; classtype:trojan-activity;sid:84479545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616446)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755213307_1487.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616446/; classtype:trojan-activity;sid:84479546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616447)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755809817_3803.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616447/; classtype:trojan-activity;sid:84479547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616438)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756708420_6132.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616438/; classtype:trojan-activity;sid:84479538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616439)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756225416_2785.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616439/; classtype:trojan-activity;sid:84479539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616440)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756695339_3040.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616440/; classtype:trojan-activity;sid:84479540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616441)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756679791_7155.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616441/; classtype:trojan-activity;sid:84479541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616442)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754492726_7813.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616442/; classtype:trojan-activity;sid:84479542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616443)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756789656_9239.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616443/; classtype:trojan-activity;sid:84479543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616434)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756682786_2585.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616434/; classtype:trojan-activity;sid:84479534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616435)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753972623_9119.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616435/; classtype:trojan-activity;sid:84479535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616436)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753685554_6382.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616436/; classtype:trojan-activity;sid:84479536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616437)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754909321_4984.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616437/; classtype:trojan-activity;sid:84479537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616433)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756675276_6492.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616433/; classtype:trojan-activity;sid:84479533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616429)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756826718_5373.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616429/; classtype:trojan-activity;sid:84479529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616430)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756706955_7207.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616430/; classtype:trojan-activity;sid:84479530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616431)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756698807_6871.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616431/; classtype:trojan-activity;sid:84479531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616432)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755274968_6904.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616432/; classtype:trojan-activity;sid:84479532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616423)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756884912_3154.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616423/; classtype:trojan-activity;sid:84479523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616424)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755143974_2447.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616424/; classtype:trojan-activity;sid:84479524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616425)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755064348_9957.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616425/; classtype:trojan-activity;sid:84479525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616426)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755829499_2358.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616426/; classtype:trojan-activity;sid:84479526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616427)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752925045_4817.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616427/; classtype:trojan-activity;sid:84479527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616428)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756793543_6890.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616428/; classtype:trojan-activity;sid:84479528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616420)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753344094_2214.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616420/; classtype:trojan-activity;sid:84479520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616421)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753881204_8688.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616421/; classtype:trojan-activity;sid:84479521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616422)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756890659_3526.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616422/; classtype:trojan-activity;sid:84479522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616416)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755646300_1004.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616416/; classtype:trojan-activity;sid:84479516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616417)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753804563_2987.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616417/; classtype:trojan-activity;sid:84479517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616418)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753309979_4019.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616418/; classtype:trojan-activity;sid:84479518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616419)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755564628_3943.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616419/; classtype:trojan-activity;sid:84479519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616414)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755175377_7521.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616414/; classtype:trojan-activity;sid:84479514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616415)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753700018_2925.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616415/; classtype:trojan-activity;sid:84479515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616413)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754965010_5851.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616413/; classtype:trojan-activity;sid:84479513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616410)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753884186_5693.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616410/; classtype:trojan-activity;sid:84479510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616411)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752924937_1017.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616411/; classtype:trojan-activity;sid:84479511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616412)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/njq.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616412/; classtype:trojan-activity;sid:84479512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616407)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756480655_6651.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616407/; classtype:trojan-activity;sid:84479507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616408)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756094012_5357.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616408/; classtype:trojan-activity;sid:84479508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616409)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756684524_6439.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616409/; classtype:trojan-activity;sid:84479509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616403)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/te.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616403/; classtype:trojan-activity;sid:84479503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616404)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755025427_9357.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616404/; classtype:trojan-activity;sid:84479504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616405)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754663137_3408.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616405/; classtype:trojan-activity;sid:84479505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616406)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755197344_6032.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616406/; classtype:trojan-activity;sid:84479506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616398)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755495863_9603.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616398/; classtype:trojan-activity;sid:84479498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616399)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754972331_9165.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616399/; classtype:trojan-activity;sid:84479499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616400)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754090276_5438.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616400/; classtype:trojan-activity;sid:84479500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616401)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753578886_7990.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616401/; classtype:trojan-activity;sid:84479501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616402)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756411549_1322.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616402/; classtype:trojan-activity;sid:84479502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616393)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755347993_1670.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616393/; classtype:trojan-activity;sid:84479493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616394)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755609240_2605.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616394/; classtype:trojan-activity;sid:84479494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616395)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755649533_5657.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616395/; classtype:trojan-activity;sid:84479495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616396)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755827386_5377.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616396/; classtype:trojan-activity;sid:84479496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616397)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754257919_5130.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616397/; classtype:trojan-activity;sid:84479497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616388)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756665134_8546.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616388/; classtype:trojan-activity;sid:84479488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616389)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755973464_8526.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616389/; classtype:trojan-activity;sid:84479489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616390)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754938624_2008.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616390/; classtype:trojan-activity;sid:84479490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616391)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755180631_2685.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616391/; classtype:trojan-activity;sid:84479491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616392)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756696403_2994.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616392/; classtype:trojan-activity;sid:84479492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616386)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753308486_5021.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616386/; classtype:trojan-activity;sid:84479486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616387)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753489760_8080.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616387/; classtype:trojan-activity;sid:84479487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616384)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756707649_6897.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616384/; classtype:trojan-activity;sid:84479484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616385)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754509635_4462.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616385/; classtype:trojan-activity;sid:84479485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616376)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756740306_8159.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616376/; classtype:trojan-activity;sid:84479476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616377)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755106476_5365.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616377/; classtype:trojan-activity;sid:84479477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616378)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753306423_1483.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616378/; classtype:trojan-activity;sid:84479478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616379)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755802338_6330.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616379/; classtype:trojan-activity;sid:84479479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616380)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756807287_2476.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616380/; classtype:trojan-activity;sid:84479480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616381)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754703623_4520.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616381/; classtype:trojan-activity;sid:84479481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616382)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756807486_9874.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616382/; classtype:trojan-activity;sid:84479482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616383)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754869002_8974.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616383/; classtype:trojan-activity;sid:84479483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616374)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756866469_6499.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616374/; classtype:trojan-activity;sid:84479474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616375)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755062776_5296.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616375/; classtype:trojan-activity;sid:84479475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616371)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754508386_1775.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616371/; classtype:trojan-activity;sid:84479471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616372)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756486488_7258.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616372/; classtype:trojan-activity;sid:84479472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616373)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753201515_9280.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616373/; classtype:trojan-activity;sid:84479473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616368)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756135482_9844.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616368/; classtype:trojan-activity;sid:84479468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616369)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753122011_8393.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616369/; classtype:trojan-activity;sid:84479469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616370)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754509181_7182.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616370/; classtype:trojan-activity;sid:84479470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616360)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754508557_5804.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616360/; classtype:trojan-activity;sid:84479460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616361)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755973559_8720.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616361/; classtype:trojan-activity;sid:84479461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616362)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756676123_9544.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616362/; classtype:trojan-activity;sid:84479462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616363)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755524305_2392.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616363/; classtype:trojan-activity;sid:84479463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616364)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755052707_8843.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616364/; classtype:trojan-activity;sid:84479464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616365)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756706695_8294.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616365/; classtype:trojan-activity;sid:84479465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616366)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752960710_4076.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616366/; classtype:trojan-activity;sid:84479466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616367)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756712369_3000.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616367/; classtype:trojan-activity;sid:84479467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616357)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755436234_2367.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616357/; classtype:trojan-activity;sid:84479457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616358)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753880424_1818.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616358/; classtype:trojan-activity;sid:84479458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616359)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754511709_1965.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616359/; classtype:trojan-activity;sid:84479459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616351)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754966589_8659.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616351/; classtype:trojan-activity;sid:84479451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616352)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755805851_1979.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616352/; classtype:trojan-activity;sid:84479452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616353)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753310600_8463.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616353/; classtype:trojan-activity;sid:84479453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616354)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754008920_1985.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616354/; classtype:trojan-activity;sid:84479454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616355)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756888942_3965.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616355/; classtype:trojan-activity;sid:84479455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616356)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754496086_7219.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616356/; classtype:trojan-activity;sid:84479456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616343)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755622921_7359.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616343/; classtype:trojan-activity;sid:84479443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616344)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753806037_9531.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616344/; classtype:trojan-activity;sid:84479444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616345)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756226170_9773.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616345/; classtype:trojan-activity;sid:84479445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616346)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754511541_8659.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616346/; classtype:trojan-activity;sid:84479446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616347)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753489446_5829.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616347/; classtype:trojan-activity;sid:84479447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616348)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754507146_9145.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616348/; classtype:trojan-activity;sid:84479448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616349)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756176168_8703.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616349/; classtype:trojan-activity;sid:84479449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616350)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754937650_7689.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616350/; classtype:trojan-activity;sid:84479450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616341)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756536238_5041.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616341/; classtype:trojan-activity;sid:84479441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616342)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756480965_8039.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616342/; classtype:trojan-activity;sid:84479442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616340)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754870377_8722.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616340/; classtype:trojan-activity;sid:84479440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616339)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756826387_1971.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616339/; classtype:trojan-activity;sid:84479439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616334)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755002828_5699.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616334/; classtype:trojan-activity;sid:84479434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616335)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754661817_2058.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616335/; classtype:trojan-activity;sid:84479435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616336)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755157300_3948.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616336/; classtype:trojan-activity;sid:84479436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616337)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756087778_8678.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616337/; classtype:trojan-activity;sid:84479437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616338)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755175662_4191.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616338/; classtype:trojan-activity;sid:84479438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616333)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754415826_1181.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616333/; classtype:trojan-activity;sid:84479433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616324)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755559605_4956.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616324/; classtype:trojan-activity;sid:84479424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616325)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752925000_2027.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616325/; classtype:trojan-activity;sid:84479425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616326)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752775815_9881.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616326/; classtype:trojan-activity;sid:84479426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616327)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754973233_2153.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616327/; classtype:trojan-activity;sid:84479427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616328)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755181473_9644.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616328/; classtype:trojan-activity;sid:84479428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616329)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755274678_2193.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616329/; classtype:trojan-activity;sid:84479429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616330)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756135165_5015.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616330/; classtype:trojan-activity;sid:84479430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616331)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754904737_7227.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616331/; classtype:trojan-activity;sid:84479431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616332)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756085697_2998.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616332/; classtype:trojan-activity;sid:84479432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616320)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755187516_9765.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616320/; classtype:trojan-activity;sid:84479420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616321)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755205596_3020.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616321/; classtype:trojan-activity;sid:84479421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616322)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755436555_6250.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616322/; classtype:trojan-activity;sid:84479422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616323)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754508204_5384.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616323/; classtype:trojan-activity;sid:84479423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616312)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755156566_9374.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616312/; classtype:trojan-activity;sid:84479412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616313)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756474747_1005.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616313/; classtype:trojan-activity;sid:84479413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616314)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756790465_8384.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616314/; classtype:trojan-activity;sid:84479414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616315)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754165777_7680.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616315/; classtype:trojan-activity;sid:84479415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616316)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754914300_5955.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616316/; classtype:trojan-activity;sid:84479416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616317)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756695825_9614.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616317/; classtype:trojan-activity;sid:84479417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616318)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756235293_3662.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616318/; classtype:trojan-activity;sid:84479418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616319)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756706217_3631.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616319/; classtype:trojan-activity;sid:84479419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616311)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755093733_8009.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616311/; classtype:trojan-activity;sid:84479411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616310)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753343843_7635.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616310/; classtype:trojan-activity;sid:84479410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616309)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754498213_6279.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616309/; classtype:trojan-activity;sid:84479409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616308)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754412913_3789.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616308/; classtype:trojan-activity;sid:84479408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616301)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754261101_6920.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616301/; classtype:trojan-activity;sid:84479401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616302)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755715490_6533.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616302/; classtype:trojan-activity;sid:84479402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616303)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753700040_2055.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616303/; classtype:trojan-activity;sid:84479403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616304)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753632090_1200.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616304/; classtype:trojan-activity;sid:84479404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616305)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755609100_7708.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616305/; classtype:trojan-activity;sid:84479405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616306)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753824210_4476.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616306/; classtype:trojan-activity;sid:84479406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616307)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756017972_6769.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616307/; classtype:trojan-activity;sid:84479407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616296)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756694526_2323.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616296/; classtype:trojan-activity;sid:84479396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616297)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755015660_2933.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616297/; classtype:trojan-activity;sid:84479397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616298)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755026089_4360.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616298/; classtype:trojan-activity;sid:84479398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616299)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754590704_2634.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616299/; classtype:trojan-activity;sid:84479399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616300)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756135203_4343.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616300/; classtype:trojan-activity;sid:84479400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616292)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754262068_1047.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616292/; classtype:trojan-activity;sid:84479392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616293)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756760775_2212.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616293/; classtype:trojan-activity;sid:84479393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616294)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756697888_1578.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616294/; classtype:trojan-activity;sid:84479394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616295)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753884023_4352.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616295/; classtype:trojan-activity;sid:84479395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616286)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755704076_7466.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616286/; classtype:trojan-activity;sid:84479386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616287)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754510553_3668.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616287/; classtype:trojan-activity;sid:84479387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616288)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754965737_4093.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616288/; classtype:trojan-activity;sid:84479388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616289)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755790626_7288.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616289/; classtype:trojan-activity;sid:84479389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616290)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755988854_9736.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616290/; classtype:trojan-activity;sid:84479390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616291)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754088362_6196.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616291/; classtype:trojan-activity;sid:84479391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616281)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756708875_2498.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616281/; classtype:trojan-activity;sid:84479381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616282)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754954384_9490.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616282/; classtype:trojan-activity;sid:84479382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616283)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756399906_6902.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616283/; classtype:trojan-activity;sid:84479383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616284)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756704270_2989.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616284/; classtype:trojan-activity;sid:84479384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616285)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755829766_9245.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616285/; classtype:trojan-activity;sid:84479385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616277)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754508823_6850.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616277/; classtype:trojan-activity;sid:84479377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616278)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756773423_3105.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616278/; classtype:trojan-activity;sid:84479378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616279)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754666549_9959.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616279/; classtype:trojan-activity;sid:84479379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616280)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754510334_4872.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616280/; classtype:trojan-activity;sid:84479380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616275)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756175304_8222.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616275/; classtype:trojan-activity;sid:84479375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616276)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756176425_6114.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616276/; classtype:trojan-activity;sid:84479376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616274)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755559694_9582.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616274/; classtype:trojan-activity;sid:84479374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616273)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755565351_3508.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616273/; classtype:trojan-activity;sid:84479373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616266)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756304972_7030.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616266/; classtype:trojan-activity;sid:84479366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616267)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753964780_9472.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616267/; classtype:trojan-activity;sid:84479367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616268)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753343632_8386.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616268/; classtype:trojan-activity;sid:84479368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616269)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755620193_6924.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616269/; classtype:trojan-activity;sid:84479369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616270)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756485459_4988.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616270/; classtype:trojan-activity;sid:84479370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616271)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754951018_4532.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616271/; classtype:trojan-activity;sid:84479371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616272)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754357956_3679.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616272/; classtype:trojan-activity;sid:84479372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616263)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754495632_9612.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616263/; classtype:trojan-activity;sid:84479363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616264)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755202918_1611.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616264/; classtype:trojan-activity;sid:84479364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616265)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755410238_5508.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616265/; classtype:trojan-activity;sid:84479365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616256)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755124194_2373.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616256/; classtype:trojan-activity;sid:84479356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616257)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753885666_1607.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616257/; classtype:trojan-activity;sid:84479357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616258)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/jhyu784jd.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616258/; classtype:trojan-activity;sid:84479358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616259)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753880813_8460.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616259/; classtype:trojan-activity;sid:84479359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616260)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755194301_1068.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616260/; classtype:trojan-activity;sid:84479360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616261)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754057498_6808.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616261/; classtype:trojan-activity;sid:84479361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616262)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754939621_3064.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616262/; classtype:trojan-activity;sid:84479362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616251)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754771962_8124.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616251/; classtype:trojan-activity;sid:84479351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616252)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756044959_8121.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616252/; classtype:trojan-activity;sid:84479352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616253)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756807329_4617.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616253/; classtype:trojan-activity;sid:84479353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616254)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755031133_4169.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616254/; classtype:trojan-activity;sid:84479354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616255)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/logg.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616255/; classtype:trojan-activity;sid:84479355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616247)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755609479_8032.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616247/; classtype:trojan-activity;sid:84479347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616248)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753309526_6863.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616248/; classtype:trojan-activity;sid:84479348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616249)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755609725_8784.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616249/; classtype:trojan-activity;sid:84479349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616250)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754938905_6749.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616250/; classtype:trojan-activity;sid:84479350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616243)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754591369_9566.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616243/; classtype:trojan-activity;sid:84479343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616244)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755213552_4846.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616244/; classtype:trojan-activity;sid:84479344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616245)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756254717_8756.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616245/; classtype:trojan-activity;sid:84479345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616246)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753309751_5838.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616246/; classtype:trojan-activity;sid:84479346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616241)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754415667_5093.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616241/; classtype:trojan-activity;sid:84479341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616242)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753126667_3472.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616242/; classtype:trojan-activity;sid:84479342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616239)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755009616_5069.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616239/; classtype:trojan-activity;sid:84479339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616240)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756037729_6513.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616240/; classtype:trojan-activity;sid:84479340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616238)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754509005_9272.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616238/; classtype:trojan-activity;sid:84479338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616233)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753805924_7160.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616233/; classtype:trojan-activity;sid:84479333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616234)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755162726_7679.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616234/; classtype:trojan-activity;sid:84479334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616235)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754938258_4110.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616235/; classtype:trojan-activity;sid:84479335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616236)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754663973_9806.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616236/; classtype:trojan-activity;sid:84479336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616237)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755275099_6071.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616237/; classtype:trojan-activity;sid:84479337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616231)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754591616_9091.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616231/; classtype:trojan-activity;sid:84479331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616232)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755249346_5042.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616232/; classtype:trojan-activity;sid:84479332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616225)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754922989_5712.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616225/; classtype:trojan-activity;sid:84479325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616226)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754656120_2873.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616226/; classtype:trojan-activity;sid:84479326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616227)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754665629_5223.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616227/; classtype:trojan-activity;sid:84479327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616228)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754507894_7296.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616228/; classtype:trojan-activity;sid:84479328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616229)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755111568_9654.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616229/; classtype:trojan-activity;sid:84479329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616230)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753035627_4194.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616230/; classtype:trojan-activity;sid:84479330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616212)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754904585_2484.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616212/; classtype:trojan-activity;sid:84479312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616213)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753974412_2332.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616213/; classtype:trojan-activity;sid:84479313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616214)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755113144_5772.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616214/; classtype:trojan-activity;sid:84479314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616215)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754358323_1674.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616215/; classtype:trojan-activity;sid:84479315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616216)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1755181746_6284.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616216/; classtype:trojan-activity;sid:84479316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616217)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754510137_2086.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616217/; classtype:trojan-activity;sid:84479317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616218)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754494727_5644.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616218/; classtype:trojan-activity;sid:84479318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616219)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753125883_2210.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616219/; classtype:trojan-activity;sid:84479319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616220)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756472799_2424.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616220/; classtype:trojan-activity;sid:84479320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616221)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754905159_6041.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616221/; classtype:trojan-activity;sid:84479321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616222)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754956181_5123.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616222/; classtype:trojan-activity;sid:84479322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616223)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756234989_8408.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616223/; classtype:trojan-activity;sid:84479323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616224)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754904295_8920.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616224/; classtype:trojan-activity;sid:84479324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616208)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1752915971_8954.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616208/; classtype:trojan-activity;sid:84479308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616209)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756177648_7722.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616209/; classtype:trojan-activity;sid:84479309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616210)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753310194_9470.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616210/; classtype:trojan-activity;sid:84479310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616211)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1754498125_2887.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616211/; classtype:trojan-activity;sid:84479311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616207)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1753908204_6318.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616207/; classtype:trojan-activity;sid:84479307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.34.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616206/; classtype:trojan-activity;sid:84479306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616205)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/buhertyos/raw/33e82aa4888ebe5b9c5a640c8705b0359572c104/jke.txt"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616205/; classtype:trojan-activity;sid:84479305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616204)"; flow:established,from_client; content:"GET"; http_method; content:"/nbiuityt/replot/raw/main/payload_1756887364_3733.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616204/; classtype:trojan-activity;sid:84479304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616203)"; flow:established,from_client; content:"GET"; http_method; content:"/alufoyjsvgqxsvuk91.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"petrotecmx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616203/; classtype:trojan-activity;sid:84479303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616201/; classtype:trojan-activity;sid:84479301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616202)"; flow:established,from_client; content:"GET"; http_method; content:"/rifacimenti.asi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"petrotecmx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616202/; classtype:trojan-activity;sid:84479302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616200)"; flow:established,from_client; content:"GET"; http_method; content:"/pencatite.aca"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"petrotecmx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616200/; classtype:trojan-activity;sid:84479300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616199)"; flow:established,from_client; content:"GET"; http_method; content:"/chibouquei.thn"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sunce-projekt.hr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616199/; classtype:trojan-activity;sid:84479299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616198)"; flow:established,from_client; content:"GET"; http_method; content:"/enersfranc.jpb"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"serralux.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616198/; classtype:trojan-activity;sid:84479298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616197)"; flow:established,from_client; content:"GET"; http_method; content:"/xfhniywavvkk55.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.177.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616197/; classtype:trojan-activity;sid:84479297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616196)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/css/hello.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mileshr.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616196/; classtype:trojan-activity;sid:84479296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616195)"; flow:established,from_client; content:"GET"; http_method; content:"/ada.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"f-capture.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616195/; classtype:trojan-activity;sid:84479295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616194)"; flow:established,from_client; content:"GET"; http_method; content:"/d/|3f|baixar=notafiscal"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"download.pdfatualizacao.online"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616194/; classtype:trojan-activity;sid:84479294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616193/; classtype:trojan-activity;sid:84479293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616187/; classtype:trojan-activity;sid:84479287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616188/; classtype:trojan-activity;sid:84479288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616189/; classtype:trojan-activity;sid:84479289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616190/; classtype:trojan-activity;sid:84479290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.18.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616191/; classtype:trojan-activity;sid:84479291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616192/; classtype:trojan-activity;sid:84479292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616182/; classtype:trojan-activity;sid:84479282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616183/; classtype:trojan-activity;sid:84479283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616184/; classtype:trojan-activity;sid:84479284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616185/; classtype:trojan-activity;sid:84479285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.114.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616186/; classtype:trojan-activity;sid:84479286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.190.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616181/; classtype:trojan-activity;sid:84479281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.26.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616180/; classtype:trojan-activity;sid:84479280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.34.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616179/; classtype:trojan-activity;sid:84479279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.207.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616178/; classtype:trojan-activity;sid:84479278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.26.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616177/; classtype:trojan-activity;sid:84479277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.35.160.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616176/; classtype:trojan-activity;sid:84479276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.47.227.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616175/; classtype:trojan-activity;sid:84479275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616174/; classtype:trojan-activity;sid:84479274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616173/; classtype:trojan-activity;sid:84479273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616172)"; flow:established,from_client; content:"GET"; http_method; content:"/i42jr3ju5k.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wug.hekulei5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616172/; classtype:trojan-activity;sid:84479272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.171.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616171/; classtype:trojan-activity;sid:84479271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.253.18.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616170/; classtype:trojan-activity;sid:84479270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616169)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7919576999/zfsyx8x.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616169/; classtype:trojan-activity;sid:84479269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616168/; classtype:trojan-activity;sid:84479268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616167)"; flow:established,from_client; content:"GET"; http_method; content:"/h2/stein.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616167/; classtype:trojan-activity;sid:84479267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616166)"; flow:established,from_client; content:"GET"; http_method; content:"/th9dlv8z96.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616166/; classtype:trojan-activity;sid:84479266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.154.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616164/; classtype:trojan-activity;sid:84479264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.195.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616165/; classtype:trojan-activity;sid:84479265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616163)"; flow:established,from_client; content:"GET"; http_method; content:"/out.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616163/; classtype:trojan-activity;sid:84479263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616162/; classtype:trojan-activity;sid:84479262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.36.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616161/; classtype:trojan-activity;sid:84479261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.37.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616160/; classtype:trojan-activity;sid:84479260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.85.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616159/; classtype:trojan-activity;sid:84479259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616158)"; flow:established,from_client; content:"GET"; http_method; content:"/zgvz8sth43.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616158/; classtype:trojan-activity;sid:84479258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.36.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616157/; classtype:trojan-activity;sid:84479257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616155)"; flow:established,from_client; content:"GET"; http_method; content:"/drip.sym"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wood-simple.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616155/; classtype:trojan-activity;sid:84479255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616156)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/1957b95c3.res"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wood-simple.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616156/; classtype:trojan-activity;sid:84479256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616154)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vcsinfo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616154/; classtype:trojan-activity;sid:84479254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616153/; classtype:trojan-activity;sid:84479253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.12.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616150/; classtype:trojan-activity;sid:84479250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616151/; classtype:trojan-activity;sid:84479251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.65.186.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616152/; classtype:trojan-activity;sid:84479252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.15.12.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616145/; classtype:trojan-activity;sid:84479245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616146/; classtype:trojan-activity;sid:84479246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616147/; classtype:trojan-activity;sid:84479247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.156.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616148/; classtype:trojan-activity;sid:84479248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616149/; classtype:trojan-activity;sid:84479249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.226.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616144/; classtype:trojan-activity;sid:84479244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616143/; classtype:trojan-activity;sid:84479243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616142)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=tuesdayconvertedfile.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bafybeiczynxttyfuspwnuinsw54och2tkicvhh3czwlxvmjlvjfkabw764.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616142/; classtype:trojan-activity;sid:84479242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.154.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616141/; classtype:trojan-activity;sid:84479241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616140/; classtype:trojan-activity;sid:84479240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616139/; classtype:trojan-activity;sid:84479239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616138)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7973538105/kwnbkt6.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616138/; classtype:trojan-activity;sid:84479238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616137)"; flow:established,from_client; content:"GET"; http_method; content:"/download/skateboard_output/skateboard_output.jpg"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616137/; classtype:trojan-activity;sid:84479237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616136)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616136/; classtype:trojan-activity;sid:84479236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616132)"; flow:established,from_client; content:"GET"; http_method; content:"/network/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616132/; classtype:trojan-activity;sid:84479232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616133)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8052963817/dj7qvus.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616133/; classtype:trojan-activity;sid:84479233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616134)"; flow:established,from_client; content:"GET"; http_method; content:"/library/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616134/; classtype:trojan-activity;sid:84479234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616135)"; flow:established,from_client; content:"GET"; http_method; content:"/apple/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"progressdev.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616135/; classtype:trojan-activity;sid:84479235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616131)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6053747383/3zffnbi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616131/; classtype:trojan-activity;sid:84479231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616130/; classtype:trojan-activity;sid:84479230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616129)"; flow:established,from_client; content:"GET"; http_method; content:"/eey72hutjg.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616129/; classtype:trojan-activity;sid:84479229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616128)"; flow:established,from_client; content:"GET"; http_method; content:"/ovp1s7tbol.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616128/; classtype:trojan-activity;sid:84479228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616127)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616127/; classtype:trojan-activity;sid:84479227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.124.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616126/; classtype:trojan-activity;sid:84479226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.124.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616125/; classtype:trojan-activity;sid:84479225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616124/; classtype:trojan-activity;sid:84479224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616123)"; flow:established,from_client; content:"GET"; http_method; content:"/gyaau7gyix.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616123/; classtype:trojan-activity;sid:84479223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616122/; classtype:trojan-activity;sid:84479222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.189.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616121/; classtype:trojan-activity;sid:84479221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.124.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616120/; classtype:trojan-activity;sid:84479220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616119)"; flow:established,from_client; content:"GET"; http_method; content:"/x4q7y1wcxk.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616119/; classtype:trojan-activity;sid:84479219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616116)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/att/main/pagvendas.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616116/; classtype:trojan-activity;sid:84479216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616117)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/rg/main/atualizarparceiros.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616117/; classtype:trojan-activity;sid:84479217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616118)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/asdfggas/main/atualizarparceiro.apk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616118/; classtype:trojan-activity;sid:84479218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.189.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616115/; classtype:trojan-activity;sid:84479215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616114/; classtype:trojan-activity;sid:84479214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616113)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/bjhf/main/atualizarbeneficios.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616113/; classtype:trojan-activity;sid:84479213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616111)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/sdvc/main/parceirosatualizar.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616111/; classtype:trojan-activity;sid:84479211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616112)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/asfa/main/beneficiospag.apk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616112/; classtype:trojan-activity;sid:84479212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616104)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/vsv/main/beneficiospagvendas.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616104/; classtype:trojan-activity;sid:84479204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616105)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/fadf/main/atualizarpagvendas.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616105/; classtype:trojan-activity;sid:84479205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616106)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/sdsd/main/parceiros.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616106/; classtype:trojan-activity;sid:84479206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616107)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/tkjyut/main/atualizarparceiros.apk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616107/; classtype:trojan-activity;sid:84479207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616108)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/efgwe/main/pagbeneficios.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616108/; classtype:trojan-activity;sid:84479208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616109)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/rtf2wrtf/main/pag%20beneficios.apk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616109/; classtype:trojan-activity;sid:84479209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616110)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/dfgdfd/main/atualizarpagvendas.apk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616110/; classtype:trojan-activity;sid:84479210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616102)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/dfrfae/main/pagvendasbeneficios.apk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616102/; classtype:trojan-activity;sid:84479202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616103)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/edcfv/main/pagvendasbenef%c3%adcios.apk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616103/; classtype:trojan-activity;sid:84479203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616098)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ewfw/main/atualizarbeneficios.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616098/; classtype:trojan-activity;sid:84479198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616099)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/rgfgg/main/atualizarbeneficios.apk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616099/; classtype:trojan-activity;sid:84479199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616100)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/sdg/main/atualizarpagbeneficios.apk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616100/; classtype:trojan-activity;sid:84479200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616101)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/efef/main/pagbeneficios.apk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616101/; classtype:trojan-activity;sid:84479201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616097)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/feqf/main/pagbenef%c3%adcios.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616097/; classtype:trojan-activity;sid:84479197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616094/; classtype:trojan-activity;sid:84479194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616095)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/rtwt/main/pagbeneficios.apk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616095/; classtype:trojan-activity;sid:84479195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616096)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/reg/main/atualizar.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616096/; classtype:trojan-activity;sid:84479196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616091)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/tghy/main/atualizarbeneficios.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616091/; classtype:trojan-activity;sid:84479191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616092)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/fdhfgj/main/ativarbeneficios.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616092/; classtype:trojan-activity;sid:84479192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616093)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/adff/main/caixa%20.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616093/; classtype:trojan-activity;sid:84479193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616090)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/dwd/main/caixaresgatedepontos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616090/; classtype:trojan-activity;sid:84479190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616089/; classtype:trojan-activity;sid:84479189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616088/; classtype:trojan-activity;sid:84479188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616087/; classtype:trojan-activity;sid:84479187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.22.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616086/; classtype:trojan-activity;sid:84479186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616084/; classtype:trojan-activity;sid:84479184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616085/; classtype:trojan-activity;sid:84479185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.113.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616083/; classtype:trojan-activity;sid:84479183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616082)"; flow:established,from_client; content:"GET"; http_method; content:"/dq9ucyjknm.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616082/; classtype:trojan-activity;sid:84479182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616081)"; flow:established,from_client; content:"GET"; http_method; content:"/extentwallet.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616081/; classtype:trojan-activity;sid:84479181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616080)"; flow:established,from_client; content:"GET"; http_method; content:"/additional_tool.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616080/; classtype:trojan-activity;sid:84479180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616078)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616078/; classtype:trojan-activity;sid:84479178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616079)"; flow:established,from_client; content:"GET"; http_method; content:"/info.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616079/; classtype:trojan-activity;sid:84479179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616077)"; flow:established,from_client; content:"GET"; http_method; content:"/another_tool.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616077/; classtype:trojan-activity;sid:84479177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616076)"; flow:established,from_client; content:"GET"; http_method; content:"/extra_tool.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616076/; classtype:trojan-activity;sid:84479176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616074)"; flow:established,from_client; content:"GET"; http_method; content:"/cookautofdllopfire.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616074/; classtype:trojan-activity;sid:84479174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616075)"; flow:established,from_client; content:"GET"; http_method; content:"/filezilla.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616075/; classtype:trojan-activity;sid:84479175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616067)"; flow:established,from_client; content:"GET"; http_method; content:"/documentgrabber.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616067/; classtype:trojan-activity;sid:84479167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616068)"; flow:established,from_client; content:"GET"; http_method; content:"/password_formatter.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616068/; classtype:trojan-activity;sid:84479168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616069)"; flow:established,from_client; content:"GET"; http_method; content:"/steam_config_backup.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616069/; classtype:trojan-activity;sid:84479169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616070)"; flow:established,from_client; content:"GET"; http_method; content:"/telegram_data_mover.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616070/; classtype:trojan-activity;sid:84479170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616071)"; flow:established,from_client; content:"GET"; http_method; content:"/processes.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616071/; classtype:trojan-activity;sid:84479171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616072)"; flow:established,from_client; content:"GET"; http_method; content:"/my_new_dll.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616072/; classtype:trojan-activity;sid:84479172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616073)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_inject.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616073/; classtype:trojan-activity;sid:84479173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616065)"; flow:established,from_client; content:"GET"; http_method; content:"/software.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616065/; classtype:trojan-activity;sid:84479165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616066)"; flow:established,from_client; content:"GET"; http_method; content:"/walletsorterdll.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616066/; classtype:trojan-activity;sid:84479166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616064)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_decrypt.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"77.73.131.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616064/; classtype:trojan-activity;sid:84479164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616063)"; flow:established,from_client; content:"GET"; http_method; content:"/generate"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"acrobat-updater.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616063/; classtype:trojan-activity;sid:84479163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616062)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/realomadrido2025/tragira.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ia801003.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616062/; classtype:trojan-activity;sid:84479162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616061)"; flow:established,from_client; content:"GET"; http_method; content:"/5f109e7bb3df4dea81946f2f853da288"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"acrobat-updater.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616061/; classtype:trojan-activity;sid:84479161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616060)"; flow:established,from_client; content:"GET"; http_method; content:"/22/items/acrobat-updater.com/acrobat-updater.com.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ia601604.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616060/; classtype:trojan-activity;sid:84479160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616059)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/sdfh/main/pagbeneficios.apk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616059/; classtype:trojan-activity;sid:84479159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.6.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616058/; classtype:trojan-activity;sid:84479158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.247.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616057/; classtype:trojan-activity;sid:84479157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616056)"; flow:established,from_client; content:"GET"; http_method; content:"/ioeax64b3h.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616056/; classtype:trojan-activity;sid:84479156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616055)"; flow:established,from_client; content:"GET"; http_method; content:"/yafbxt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"maingravel.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616055/; classtype:trojan-activity;sid:84479155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616054/; classtype:trojan-activity;sid:84479154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616053)"; flow:established,from_client; content:"GET"; http_method; content:"/videoteka/img001.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.19.220.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616053/; classtype:trojan-activity;sid:84479153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616052)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616052/; classtype:trojan-activity;sid:84479152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616039)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616039/; classtype:trojan-activity;sid:84479139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616040)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616040/; classtype:trojan-activity;sid:84479140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616041)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616041/; classtype:trojan-activity;sid:84479141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616042)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616042/; classtype:trojan-activity;sid:84479142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616043)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arvm7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616043/; classtype:trojan-activity;sid:84479143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616044)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616044/; classtype:trojan-activity;sid:84479144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616045)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616045/; classtype:trojan-activity;sid:84479145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616046)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616046/; classtype:trojan-activity;sid:84479146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616047)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616047/; classtype:trojan-activity;sid:84479147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616048)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616048/; classtype:trojan-activity;sid:84479148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616049)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.162.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616049/; classtype:trojan-activity;sid:84479149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616050)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.162.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616050/; classtype:trojan-activity;sid:84479150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616051)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.208.162.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616051/; classtype:trojan-activity;sid:84479151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.120.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616038/; classtype:trojan-activity;sid:84479138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.8.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616037/; classtype:trojan-activity;sid:84479137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616036)"; flow:established,from_client; content:"GET"; http_method; content:"/jjs6ppe7ka.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616036/; classtype:trojan-activity;sid:84479136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616035/; classtype:trojan-activity;sid:84479135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.120.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616034/; classtype:trojan-activity;sid:84479134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616033)"; flow:established,from_client; content:"GET"; http_method; content:"/download-55.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616033/; classtype:trojan-activity;sid:84479133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616032)"; flow:established,from_client; content:"GET"; http_method; content:"/download-rocky.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616032/; classtype:trojan-activity;sid:84479132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616031)"; flow:established,from_client; content:"GET"; http_method; content:"/install_rocky.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616031/; classtype:trojan-activity;sid:84479131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616024)"; flow:established,from_client; content:"GET"; http_method; content:"/dnf_8.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616024/; classtype:trojan-activity;sid:84479124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616025)"; flow:established,from_client; content:"GET"; http_method; content:"/download-55_new.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616025/; classtype:trojan-activity;sid:84479125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616026)"; flow:established,from_client; content:"GET"; http_method; content:"/install.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616026/; classtype:trojan-activity;sid:84479126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616027)"; flow:established,from_client; content:"GET"; http_method; content:"/download-47_new.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616027/; classtype:trojan-activity;sid:84479127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616028)"; flow:established,from_client; content:"GET"; http_method; content:"/install_new.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616028/; classtype:trojan-activity;sid:84479128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616029)"; flow:established,from_client; content:"GET"; http_method; content:"/installcallcenter_centos7_4.2_http.sh"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616029/; classtype:trojan-activity;sid:84479129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616030)"; flow:established,from_client; content:"GET"; http_method; content:"/download-115.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.144.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616030/; classtype:trojan-activity;sid:84479130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616023)"; flow:established,from_client; content:"GET"; http_method; content:"/in/11.cmd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.245.184.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616023/; classtype:trojan-activity;sid:84479123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616020)"; flow:established,from_client; content:"GET"; http_method; content:"/static/cosmali.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cf-cap-load.cfd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616020/; classtype:trojan-activity;sid:84479120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616021/; classtype:trojan-activity;sid:84479121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.21.237.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616022/; classtype:trojan-activity;sid:84479122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616019)"; flow:established,from_client; content:"GET"; http_method; content:"/justin1823/test_repo111/releases/download/t/final.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616019/; classtype:trojan-activity;sid:84479119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616017)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6012304042/itjdauh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616017/; classtype:trojan-activity;sid:84479117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616018)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/x0s37kw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616018/; classtype:trojan-activity;sid:84479118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.215.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616016/; classtype:trojan-activity;sid:84479116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616013)"; flow:established,from_client; content:"GET"; http_method; content:"/extensao-nova.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.33.178.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616013/; classtype:trojan-activity;sid:84479113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616014)"; flow:established,from_client; content:"GET"; http_method; content:"/invitation.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-1e4f784a849d4b38ac2c6b72e284d6c4.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616014/; classtype:trojan-activity;sid:84479114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.184.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616015/; classtype:trojan-activity;sid:84479115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616012)"; flow:established,from_client; content:"GET"; http_method; content:"/extensao-nova.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"clgnymc.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616012/; classtype:trojan-activity;sid:84479112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616008)"; flow:established,from_client; content:"GET"; http_method; content:"/sebastian/a.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"168.100.9.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616008/; classtype:trojan-activity;sid:84479108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616009)"; flow:established,from_client; content:"GET"; http_method; content:"/sebastian/updater.jar"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"168.100.9.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616009/; classtype:trojan-activity;sid:84479109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616010)"; flow:established,from_client; content:"GET"; http_method; content:"/sebastian/installer.jar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.100.9.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616010/; classtype:trojan-activity;sid:84479110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616011)"; flow:established,from_client; content:"GET"; http_method; content:"/wget_telnet.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616011/; classtype:trojan-activity;sid:84479111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616007)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7919576999/q8lspqo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616007/; classtype:trojan-activity;sid:84479107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.240.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616006/; classtype:trojan-activity;sid:84479106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616005/; classtype:trojan-activity;sid:84479105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616003)"; flow:established,from_client; content:"GET"; http_method; content:"/dll.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616003/; classtype:trojan-activity;sid:84479103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616004)"; flow:established,from_client; content:"GET"; http_method; content:"/amadey.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616004/; classtype:trojan-activity;sid:84479104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.190.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616002/; classtype:trojan-activity;sid:84479102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616001)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616001/; classtype:trojan-activity;sid:84479101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616000)"; flow:established,from_client; content:"GET"; http_method; content:"/35buding/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616000/; classtype:trojan-activity;sid:84479100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615997)"; flow:established,from_client; content:"GET"; http_method; content:"/3/139assicc.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"114.66.56.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615997/; classtype:trojan-activity;sid:84479097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615998)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.248.133.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615998/; classtype:trojan-activity;sid:84479098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615999)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.248.100.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615999/; classtype:trojan-activity;sid:84479099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615996)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615996/; classtype:trojan-activity;sid:84479096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615995)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615995/; classtype:trojan-activity;sid:84479095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615994/; classtype:trojan-activity;sid:84479094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615993)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615993/; classtype:trojan-activity;sid:84479093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615992)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.248.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615992/; classtype:trojan-activity;sid:84479092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615990)"; flow:established,from_client; content:"GET"; http_method; content:"/hjbdhuaijiu/3dexplor.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"59.47.231.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615990/; classtype:trojan-activity;sid:84479090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615991)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615991/; classtype:trojan-activity;sid:84479091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615989)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615989/; classtype:trojan-activity;sid:84479089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.184.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615988/; classtype:trojan-activity;sid:84479088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615987)"; flow:established,from_client; content:"GET"; http_method; content:"/32tgshmrza.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615987/; classtype:trojan-activity;sid:84479087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.190.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615986/; classtype:trojan-activity;sid:84479086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.252.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615985/; classtype:trojan-activity;sid:84479085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615984)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615984/; classtype:trojan-activity;sid:84479084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615983)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615983/; classtype:trojan-activity;sid:84479083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615981)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615981/; classtype:trojan-activity;sid:84479081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615982)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615982/; classtype:trojan-activity;sid:84479082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615979)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615979/; classtype:trojan-activity;sid:84479079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615980)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.177.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615980/; classtype:trojan-activity;sid:84479080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615978)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.66.44.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615978/; classtype:trojan-activity;sid:84479078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615977)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615977/; classtype:trojan-activity;sid:84479077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615976)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615976/; classtype:trojan-activity;sid:84479076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615964/; classtype:trojan-activity;sid:84479064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615965)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615965/; classtype:trojan-activity;sid:84479065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615966)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615966/; classtype:trojan-activity;sid:84479066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615967)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615967/; classtype:trojan-activity;sid:84479067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615968)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615968/; classtype:trojan-activity;sid:84479068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615969)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615969/; classtype:trojan-activity;sid:84479069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615970)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615970/; classtype:trojan-activity;sid:84479070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615971)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615971/; classtype:trojan-activity;sid:84479071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615972)"; flow:established,from_client; content:"GET"; http_method; content:"/nsh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615972/; classtype:trojan-activity;sid:84479072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615973)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615973/; classtype:trojan-activity;sid:84479073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615974)"; flow:established,from_client; content:"GET"; http_method; content:"/linnn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615974/; classtype:trojan-activity;sid:84479074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615975)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615975/; classtype:trojan-activity;sid:84479075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615960)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615960/; classtype:trojan-activity;sid:84479060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615961)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615961/; classtype:trojan-activity;sid:84479061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615962)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv4l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615962/; classtype:trojan-activity;sid:84479062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615963)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv5l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615963/; classtype:trojan-activity;sid:84479063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615959)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv7l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615959/; classtype:trojan-activity;sid:84479059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615957)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615957/; classtype:trojan-activity;sid:84479057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615958)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615958/; classtype:trojan-activity;sid:84479058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615956)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bot.armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615956/; classtype:trojan-activity;sid:84479056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615955)"; flow:established,from_client; content:"GET"; http_method; content:"/z/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615955/; classtype:trojan-activity;sid:84479055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.74.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615954/; classtype:trojan-activity;sid:84479054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615953)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.97.89.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615953/; classtype:trojan-activity;sid:84479053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615952)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615952/; classtype:trojan-activity;sid:84479052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615951)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.97.89.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615951/; classtype:trojan-activity;sid:84479051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615949)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615949/; classtype:trojan-activity;sid:84479049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615950)"; flow:established,from_client; content:"GET"; http_method; content:"/dddd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615950/; classtype:trojan-activity;sid:84479050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615943)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615943/; classtype:trojan-activity;sid:84479043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615944)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615944/; classtype:trojan-activity;sid:84479044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615945)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615945/; classtype:trojan-activity;sid:84479045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615946)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615946/; classtype:trojan-activity;sid:84479046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615947)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615947/; classtype:trojan-activity;sid:84479047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615948)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615948/; classtype:trojan-activity;sid:84479048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615942)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615942/; classtype:trojan-activity;sid:84479042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615940)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615940/; classtype:trojan-activity;sid:84479040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615941)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615941/; classtype:trojan-activity;sid:84479041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615938)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615938/; classtype:trojan-activity;sid:84479038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615939)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615939/; classtype:trojan-activity;sid:84479039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615937)"; flow:established,from_client; content:"GET"; http_method; content:"/index.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.97.89.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615937/; classtype:trojan-activity;sid:84479037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615936/; classtype:trojan-activity;sid:84479036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615934)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/ojjvpn1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615934/; classtype:trojan-activity;sid:84479034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615935)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8061402479/xo50qoo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615935/; classtype:trojan-activity;sid:84479035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615933)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615933/; classtype:trojan-activity;sid:84479033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.252.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615932/; classtype:trojan-activity;sid:84479032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615930)"; flow:established,from_client; content:"GET"; http_method; content:"/pure.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.172.116.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615930/; classtype:trojan-activity;sid:84479030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615931)"; flow:established,from_client; content:"GET"; http_method; content:"/lunacacha"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.172.116.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615931/; classtype:trojan-activity;sid:84479031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.189.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615929/; classtype:trojan-activity;sid:84479029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615928/; classtype:trojan-activity;sid:84479028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.185.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615927/; classtype:trojan-activity;sid:84479027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615922)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615922/; classtype:trojan-activity;sid:84479022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615923)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615923/; classtype:trojan-activity;sid:84479023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615924)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615924/; classtype:trojan-activity;sid:84479024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615925)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615925/; classtype:trojan-activity;sid:84479025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615926)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615926/; classtype:trojan-activity;sid:84479026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615921)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615921/; classtype:trojan-activity;sid:84479021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615920)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"110.42.39.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615920/; classtype:trojan-activity;sid:84479020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615919)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2/client/cobaltstrike.jar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"39.105.36.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615919/; classtype:trojan-activity;sid:84479019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615918)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2/client/cobaltstrike-client.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"39.105.36.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615918/; classtype:trojan-activity;sid:84479018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615917/; classtype:trojan-activity;sid:84479017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615916)"; flow:established,from_client; content:"GET"; http_method; content:"/ew_for_linux32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.36.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615916/; classtype:trojan-activity;sid:84479016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.61.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615915/; classtype:trojan-activity;sid:84479015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615913)"; flow:established,from_client; content:"GET"; http_method; content:"/windows_x64_admin.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"39.105.36.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615913/; classtype:trojan-activity;sid:84479013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.171.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615914/; classtype:trojan-activity;sid:84479014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615910/; classtype:trojan-activity;sid:84479010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.6.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615911/; classtype:trojan-activity;sid:84479011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.107.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615912/; classtype:trojan-activity;sid:84479012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615909/; classtype:trojan-activity;sid:84479009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615906)"; flow:established,from_client; content:"GET"; http_method; content:"/ew_for_linux64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.36.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615906/; classtype:trojan-activity;sid:84479006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615907)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615907/; classtype:trojan-activity;sid:84479007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615908)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615908/; classtype:trojan-activity;sid:84479008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615905/; classtype:trojan-activity;sid:84479005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.102.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615904/; classtype:trojan-activity;sid:84479004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615902/; classtype:trojan-activity;sid:84479002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615903/; classtype:trojan-activity;sid:84479003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615901/; classtype:trojan-activity;sid:84479001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.15.12.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615898/; classtype:trojan-activity;sid:84478998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.15.12.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615899/; classtype:trojan-activity;sid:84478999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.171.219.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615900/; classtype:trojan-activity;sid:84479000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615895)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615895/; classtype:trojan-activity;sid:84478995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615896)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615896/; classtype:trojan-activity;sid:84478996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615897)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615897/; classtype:trojan-activity;sid:84478997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615894/; classtype:trojan-activity;sid:84478994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.28.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615893/; classtype:trojan-activity;sid:84478993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615892/; classtype:trojan-activity;sid:84478992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.115.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615891/; classtype:trojan-activity;sid:84478991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.70.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615890/; classtype:trojan-activity;sid:84478990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.158.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615889/; classtype:trojan-activity;sid:84478989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.39.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615888/; classtype:trojan-activity;sid:84478988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615872)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615872/; classtype:trojan-activity;sid:84478972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615873)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615873/; classtype:trojan-activity;sid:84478973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615874)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.162.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615874/; classtype:trojan-activity;sid:84478974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615875)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615875/; classtype:trojan-activity;sid:84478975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615876)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615876/; classtype:trojan-activity;sid:84478976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615877)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615877/; classtype:trojan-activity;sid:84478977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615878)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615878/; classtype:trojan-activity;sid:84478978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615879)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615879/; classtype:trojan-activity;sid:84478979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615880)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615880/; classtype:trojan-activity;sid:84478980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615881)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615881/; classtype:trojan-activity;sid:84478981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615882)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615882/; classtype:trojan-activity;sid:84478982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615883)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615883/; classtype:trojan-activity;sid:84478983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615884)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615884/; classtype:trojan-activity;sid:84478984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615885)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615885/; classtype:trojan-activity;sid:84478985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615886)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615886/; classtype:trojan-activity;sid:84478986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615887)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615887/; classtype:trojan-activity;sid:84478987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615871)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615871/; classtype:trojan-activity;sid:84478971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615869)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615869/; classtype:trojan-activity;sid:84478969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615870)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615870/; classtype:trojan-activity;sid:84478970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615868)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615868/; classtype:trojan-activity;sid:84478968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.196.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615867/; classtype:trojan-activity;sid:84478967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.70.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615866/; classtype:trojan-activity;sid:84478966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.115.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615865/; classtype:trojan-activity;sid:84478965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.170.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615864/; classtype:trojan-activity;sid:84478964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615863/; classtype:trojan-activity;sid:84478963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.80.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615862/; classtype:trojan-activity;sid:84478962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615861)"; flow:established,from_client; content:"GET"; http_method; content:"/wu2hkmdkqc.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615861/; classtype:trojan-activity;sid:84478961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.164.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615860/; classtype:trojan-activity;sid:84478960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615859/; classtype:trojan-activity;sid:84478959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.64.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615858/; classtype:trojan-activity;sid:84478958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.170.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615857/; classtype:trojan-activity;sid:84478957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.218.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615856/; classtype:trojan-activity;sid:84478956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615855)"; flow:established,from_client; content:"GET"; http_method; content:"/r665regiq0.flac"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"loe.jujosuu4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615855/; classtype:trojan-activity;sid:84478955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615854/; classtype:trojan-activity;sid:84478954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.133.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615853/; classtype:trojan-activity;sid:84478953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.82.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615852/; classtype:trojan-activity;sid:84478952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.218.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615851/; classtype:trojan-activity;sid:84478951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.146.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615850/; classtype:trojan-activity;sid:84478950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.6.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615849/; classtype:trojan-activity;sid:84478949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.133.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615848/; classtype:trojan-activity;sid:84478948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615847/; classtype:trojan-activity;sid:84478947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615825)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"info-2go.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615825/; classtype:trojan-activity;sid:84478925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615814)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615814/; classtype:trojan-activity;sid:84478914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.79.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615804/; classtype:trojan-activity;sid:84478904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615803)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615803/; classtype:trojan-activity;sid:84478903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615802)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.83.240.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615802/; classtype:trojan-activity;sid:84478902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615719)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.112.206.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615719/; classtype:trojan-activity;sid:84478819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.48.62.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615711/; classtype:trojan-activity;sid:84478811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.194.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615712/; classtype:trojan-activity;sid:84478812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.137.171.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615706/; classtype:trojan-activity;sid:84478806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.162.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615703/; classtype:trojan-activity;sid:84478803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615642)"; flow:established,from_client; content:"GET"; http_method; content:"/48e.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.102.115.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615642/; classtype:trojan-activity;sid:84478742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615611)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdbcvdei"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615611/; classtype:trojan-activity;sid:84478711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615557)"; flow:established,from_client; content:"GET"; http_method; content:"/48e.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.102.115.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615557/; classtype:trojan-activity;sid:84478657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/784403925/k8kgyaj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615556/; classtype:trojan-activity;sid:84478656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.113.82.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615550/; classtype:trojan-activity;sid:84478650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.241.88.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615547/; classtype:trojan-activity;sid:84478647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.77.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615545/; classtype:trojan-activity;sid:84478645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615540)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615540/; classtype:trojan-activity;sid:84478640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"131.241.88.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615528/; classtype:trojan-activity;sid:84478628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615501)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615501/; classtype:trojan-activity;sid:84478601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615481/; classtype:trojan-activity;sid:84478581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615475/; classtype:trojan-activity;sid:84478575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615468)"; flow:established,from_client; content:"GET"; http_method; content:"/h2/jay.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615468/; classtype:trojan-activity;sid:84478568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615467)"; flow:established,from_client; content:"GET"; http_method; content:"/nativeee.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615467/; classtype:trojan-activity;sid:84478567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615466)"; flow:established,from_client; content:"GET"; http_method; content:"/nr9tb5/nr9tb5mde2/x16xyh1251.js"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"contadorgfa.organiccrap.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615466/; classtype:trojan-activity;sid:84478566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615461)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615461/; classtype:trojan-activity;sid:84478561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615456)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615456/; classtype:trojan-activity;sid:84478556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615455)"; flow:established,from_client; content:"GET"; http_method; content:"/v19239.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615455/; classtype:trojan-activity;sid:84478555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615434)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/2c8fjyq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615434/; classtype:trojan-activity;sid:84478534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.182.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615419/; classtype:trojan-activity;sid:84478519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.182.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615415/; classtype:trojan-activity;sid:84478515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615413)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615413/; classtype:trojan-activity;sid:84478513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615412)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615412/; classtype:trojan-activity;sid:84478512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615411)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615411/; classtype:trojan-activity;sid:84478511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615409)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615409/; classtype:trojan-activity;sid:84478509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615404/; classtype:trojan-activity;sid:84478504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615405)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615405/; classtype:trojan-activity;sid:84478505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615406)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615406/; classtype:trojan-activity;sid:84478506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615407)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615407/; classtype:trojan-activity;sid:84478507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615408)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615408/; classtype:trojan-activity;sid:84478508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615378)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615378/; classtype:trojan-activity;sid:84478478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615377)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615377/; classtype:trojan-activity;sid:84478477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.129.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615367/; classtype:trojan-activity;sid:84478467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615327)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.94.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615327/; classtype:trojan-activity;sid:84478427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615324)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.2.220.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615324/; classtype:trojan-activity;sid:84478424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615325)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.243.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615325/; classtype:trojan-activity;sid:84478425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615250)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615250/; classtype:trojan-activity;sid:84478350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615239)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/6957b95c3.res"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"futurenaturallistic.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615239/; classtype:trojan-activity;sid:84478339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615238)"; flow:established,from_client; content:"GET"; http_method; content:"/bracket.sym"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"futurenaturallistic.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615238/; classtype:trojan-activity;sid:84478338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615225)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615225/; classtype:trojan-activity;sid:84478325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615227)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615227/; classtype:trojan-activity;sid:84478327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615228)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615228/; classtype:trojan-activity;sid:84478328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615230)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615230/; classtype:trojan-activity;sid:84478330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615231)"; flow:established,from_client; content:"GET"; http_method; content:"/fdbnjgcergf1.rar"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zakypky-ru-info.website"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615231/; classtype:trojan-activity;sid:84478331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.70.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615178/; classtype:trojan-activity;sid:84478278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615169/; classtype:trojan-activity;sid:84478269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615168/; classtype:trojan-activity;sid:84478268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615161/; classtype:trojan-activity;sid:84478261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615162/; classtype:trojan-activity;sid:84478262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615163/; classtype:trojan-activity;sid:84478263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.20.103.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615164/; classtype:trojan-activity;sid:84478264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615124)"; flow:established,from_client; content:"GET"; http_method; content:"/host/modecryptt.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615124/; classtype:trojan-activity;sid:84478224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615108/; classtype:trojan-activity;sid:84478208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615073)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615073/; classtype:trojan-activity;sid:84478173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615074)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615074/; classtype:trojan-activity;sid:84478174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615072)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615072/; classtype:trojan-activity;sid:84478172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615070)"; flow:established,from_client; content:"GET"; http_method; content:"/bcl.pfx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615070/; classtype:trojan-activity;sid:84478170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615068)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615068/; classtype:trojan-activity;sid:84478168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615069)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615069/; classtype:trojan-activity;sid:84478169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615058/; classtype:trojan-activity;sid:84478158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615044/; classtype:trojan-activity;sid:84478144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615046/; classtype:trojan-activity;sid:84478146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615047/; classtype:trojan-activity;sid:84478147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615048/; classtype:trojan-activity;sid:84478148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615049/; classtype:trojan-activity;sid:84478149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615050/; classtype:trojan-activity;sid:84478150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615051/; classtype:trojan-activity;sid:84478151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615056/; classtype:trojan-activity;sid:84478156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614989)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614989/; classtype:trojan-activity;sid:84478089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614968)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614968/; classtype:trojan-activity;sid:84478068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614969)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614969/; classtype:trojan-activity;sid:84478069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614970)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614970/; classtype:trojan-activity;sid:84478070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614966)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614966/; classtype:trojan-activity;sid:84478066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614961)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614961/; classtype:trojan-activity;sid:84478061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614962)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614962/; classtype:trojan-activity;sid:84478062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614963)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614963/; classtype:trojan-activity;sid:84478063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614964)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614964/; classtype:trojan-activity;sid:84478064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614965)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.142.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3614965/; classtype:trojan-activity;sid:84478065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614931/; classtype:trojan-activity;sid:84478031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614910)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614910/; classtype:trojan-activity;sid:84478010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614911)"; flow:established,from_client; content:"GET"; http_method; content:"/a/powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614911/; classtype:trojan-activity;sid:84478011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614912)"; flow:established,from_client; content:"GET"; http_method; content:"/a/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614912/; classtype:trojan-activity;sid:84478012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614913)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614913/; classtype:trojan-activity;sid:84478013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614914)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614914/; classtype:trojan-activity;sid:84478014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614915)"; flow:established,from_client; content:"GET"; http_method; content:"/a/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614915/; classtype:trojan-activity;sid:84478015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614916)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614916/; classtype:trojan-activity;sid:84478016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614906/; classtype:trojan-activity;sid:84478006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614894)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614894/; classtype:trojan-activity;sid:84477994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614884)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614884/; classtype:trojan-activity;sid:84477984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614890)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614890/; classtype:trojan-activity;sid:84477990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.5.54"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614866/; classtype:trojan-activity;sid:84477966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.143.189.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614863/; classtype:trojan-activity;sid:84477963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614855)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.165.170.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614855/; classtype:trojan-activity;sid:84477955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.239.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614810/; classtype:trojan-activity;sid:84477910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614703)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/9952e53658b97e85.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"cf-2-up.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614703/; classtype:trojan-activity;sid:84477803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique4/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614701/; classtype:trojan-activity;sid:84477801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614632/; classtype:trojan-activity;sid:84477732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614609)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614609/; classtype:trojan-activity;sid:84477709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614604)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614604/; classtype:trojan-activity;sid:84477704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614589)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614589/; classtype:trojan-activity;sid:84477689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614580)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614580/; classtype:trojan-activity;sid:84477680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614507)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614507/; classtype:trojan-activity;sid:84477607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614508)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614508/; classtype:trojan-activity;sid:84477608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614509)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614509/; classtype:trojan-activity;sid:84477609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614505)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614505/; classtype:trojan-activity;sid:84477605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614506)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.170.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614506/; classtype:trojan-activity;sid:84477606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.77.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614492/; classtype:trojan-activity;sid:84477592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.201.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614460/; classtype:trojan-activity;sid:84477560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614421/; classtype:trojan-activity;sid:84477521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614420)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614420/; classtype:trojan-activity;sid:84477520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614418)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614418/; classtype:trojan-activity;sid:84477518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614408/; classtype:trojan-activity;sid:84477508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614397)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614397/; classtype:trojan-activity;sid:84477497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614398)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614398/; classtype:trojan-activity;sid:84477498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614399)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614399/; classtype:trojan-activity;sid:84477499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614400)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614400/; classtype:trojan-activity;sid:84477500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614401)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614401/; classtype:trojan-activity;sid:84477501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614402)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614402/; classtype:trojan-activity;sid:84477502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614403)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614403/; classtype:trojan-activity;sid:84477503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614404/; classtype:trojan-activity;sid:84477504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614396)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614396/; classtype:trojan-activity;sid:84477496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614393)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614393/; classtype:trojan-activity;sid:84477493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614386)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614386/; classtype:trojan-activity;sid:84477486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614385)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.139.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614385/; classtype:trojan-activity;sid:84477485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.43.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614380/; classtype:trojan-activity;sid:84477480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.139.107.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614378/; classtype:trojan-activity;sid:84477478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.174.221.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614373/; classtype:trojan-activity;sid:84477473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.174.143.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614377/; classtype:trojan-activity;sid:84477477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614353/; classtype:trojan-activity;sid:84477453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.166.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614346/; classtype:trojan-activity;sid:84477446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.149.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614347/; classtype:trojan-activity;sid:84477447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.149.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614345/; classtype:trojan-activity;sid:84477445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.223.107.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614341/; classtype:trojan-activity;sid:84477441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.125.156.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614340/; classtype:trojan-activity;sid:84477440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614282)"; flow:established,from_client; content:"GET"; http_method; content:"/api/v1/download/file.json/mzjfndu3ndewnzjf|3f|temp_key=x%22%1e%8b%b5%ef%b6%e2|7c|26|7c|inline=0"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"web.opendrive.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614282/; classtype:trojan-activity;sid:84477382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614281)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqwtoax7melpzebwepm4ot7_p8olpza-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614281/; classtype:trojan-activity;sid:84477381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.153.39.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614254/; classtype:trojan-activity;sid:84477354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614244)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614244/; classtype:trojan-activity;sid:84477344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614245/; classtype:trojan-activity;sid:84477345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614246)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614246/; classtype:trojan-activity;sid:84477346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614247)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614247/; classtype:trojan-activity;sid:84477347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614248)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614248/; classtype:trojan-activity;sid:84477348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614229)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614229/; classtype:trojan-activity;sid:84477329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614216)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614216/; classtype:trojan-activity;sid:84477316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614217)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614217/; classtype:trojan-activity;sid:84477317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614220)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614220/; classtype:trojan-activity;sid:84477320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614221)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614221/; classtype:trojan-activity;sid:84477321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614204)"; flow:established,from_client; content:"GET"; http_method; content:"/namc2931-group/namc2931-project/-/raw/main/t1-new.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614204/; classtype:trojan-activity;sid:84477304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614182)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.176.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614182/; classtype:trojan-activity;sid:84477282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.161.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614130/; classtype:trojan-activity;sid:84477230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.161.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614133/; classtype:trojan-activity;sid:84477233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614124/; classtype:trojan-activity;sid:84477224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614114/; classtype:trojan-activity;sid:84477214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614081)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614081/; classtype:trojan-activity;sid:84477181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614077)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614077/; classtype:trojan-activity;sid:84477177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614078)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614078/; classtype:trojan-activity;sid:84477178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614058)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614058/; classtype:trojan-activity;sid:84477158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613890)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"couturellin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613890/; classtype:trojan-activity;sid:84476990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613886)"; flow:established,from_client; content:"GET"; http_method; content:"/coil.snupkg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"humble-photo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613886/; classtype:trojan-activity;sid:84476986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613887)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/fe99357658356062.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"humble-photo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613887/; classtype:trojan-activity;sid:84476987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.228.190.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613867/; classtype:trojan-activity;sid:84476967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.228.190.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613865/; classtype:trojan-activity;sid:84476965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.46.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613830/; classtype:trojan-activity;sid:84476930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613733/; classtype:trojan-activity;sid:84476833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613728)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613728/; classtype:trojan-activity;sid:84476828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613726)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613726/; classtype:trojan-activity;sid:84476826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613711)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613711/; classtype:trojan-activity;sid:84476811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613712)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613712/; classtype:trojan-activity;sid:84476812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613710)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613710/; classtype:trojan-activity;sid:84476810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613703)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613703/; classtype:trojan-activity;sid:84476803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613704)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613704/; classtype:trojan-activity;sid:84476804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613705)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613705/; classtype:trojan-activity;sid:84476805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613706)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613706/; classtype:trojan-activity;sid:84476806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613707)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613707/; classtype:trojan-activity;sid:84476807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613708)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613708/; classtype:trojan-activity;sid:84476808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613709)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.144.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613709/; classtype:trojan-activity;sid:84476809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613700)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/keyscramblerie.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.165.60.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613700/; classtype:trojan-activity;sid:84476800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613696)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.159.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613696/; classtype:trojan-activity;sid:84476796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613693)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.45.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613693/; classtype:trojan-activity;sid:84476793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.126.1.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613683/; classtype:trojan-activity;sid:84476783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613664/; classtype:trojan-activity;sid:84476764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613660)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/fe99357658356062.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"spider-wamp.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613660/; classtype:trojan-activity;sid:84476760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613649)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"linomu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613649/; classtype:trojan-activity;sid:84476749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613648)"; flow:established,from_client; content:"GET"; http_method; content:"/share.pdb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"spider-wamp.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613648/; classtype:trojan-activity;sid:84476748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.193.170.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613645/; classtype:trojan-activity;sid:84476745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.170.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613623/; classtype:trojan-activity;sid:84476723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.70.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613425/; classtype:trojan-activity;sid:84476525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613396/; classtype:trojan-activity;sid:84476496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613391/; classtype:trojan-activity;sid:84476491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613384/; classtype:trojan-activity;sid:84476484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613250/; classtype:trojan-activity;sid:84476350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.104.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613226/; classtype:trojan-activity;sid:84476326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613221)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.83.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613221/; classtype:trojan-activity;sid:84476321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.6.130.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613217/; classtype:trojan-activity;sid:84476317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613214/; classtype:trojan-activity;sid:84476314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.102.214.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613213/; classtype:trojan-activity;sid:84476313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.104.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613212/; classtype:trojan-activity;sid:84476312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.196.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613189/; classtype:trojan-activity;sid:84476289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613169)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613169/; classtype:trojan-activity;sid:84476269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613170)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613170/; classtype:trojan-activity;sid:84476270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613171)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613171/; classtype:trojan-activity;sid:84476271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613173)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613173/; classtype:trojan-activity;sid:84476273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613174)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613174/; classtype:trojan-activity;sid:84476274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613164)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613164/; classtype:trojan-activity;sid:84476264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613165)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613165/; classtype:trojan-activity;sid:84476265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613166)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613166/; classtype:trojan-activity;sid:84476266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613167)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613167/; classtype:trojan-activity;sid:84476267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613168)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.188.8.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613168/; classtype:trojan-activity;sid:84476268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613134/; classtype:trojan-activity;sid:84476234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613113)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_v2025.dmg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"uploadtree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613113/; classtype:trojan-activity;sid:84476213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613061/; classtype:trojan-activity;sid:84476161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613021/; classtype:trojan-activity;sid:84476121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613008)"; flow:established,from_client; content:"GET"; http_method; content:"/emmmmmmmmbig.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613008/; classtype:trojan-activity;sid:84476108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613000)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.106.52.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613000/; classtype:trojan-activity;sid:84476100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612998)"; flow:established,from_client; content:"GET"; http_method; content:"/msi.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.106.52.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3612998/; classtype:trojan-activity;sid:84476098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612967)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/ji3j2il.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3612967/; classtype:trojan-activity;sid:84476067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612963)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3612963/; classtype:trojan-activity;sid:84476063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.196.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3612924/; classtype:trojan-activity;sid:84476024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612895)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3612895/; classtype:trojan-activity;sid:84475995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612830)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/img/fe99357658356062.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"stradomi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612830/; classtype:trojan-activity;sid:84475930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612828)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"shark-watewer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612828/; classtype:trojan-activity;sid:84475928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612829)"; flow:established,from_client; content:"GET"; http_method; content:"/solve.pdb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"stradomi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612829/; classtype:trojan-activity;sid:84475929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612715)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612715/; classtype:trojan-activity;sid:84475815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612710)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612710/; classtype:trojan-activity;sid:84475810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612704)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612704/; classtype:trojan-activity;sid:84475804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.129.90.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612700/; classtype:trojan-activity;sid:84475800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612694)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612694/; classtype:trojan-activity;sid:84475794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612695)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612695/; classtype:trojan-activity;sid:84475795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612684)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612684/; classtype:trojan-activity;sid:84475784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612686)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612686/; classtype:trojan-activity;sid:84475786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612687)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612687/; classtype:trojan-activity;sid:84475787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612688)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612688/; classtype:trojan-activity;sid:84475788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612689)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612689/; classtype:trojan-activity;sid:84475789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612679)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612679/; classtype:trojan-activity;sid:84475779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612680)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612680/; classtype:trojan-activity;sid:84475780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612670)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612670/; classtype:trojan-activity;sid:84475770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612675)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612675/; classtype:trojan-activity;sid:84475775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612665)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612665/; classtype:trojan-activity;sid:84475765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612666)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/loader/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.244.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612666/; classtype:trojan-activity;sid:84475766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612659)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612659/; classtype:trojan-activity;sid:84475759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612650)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"220.240.142.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612650/; classtype:trojan-activity;sid:84475750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.197.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612595/; classtype:trojan-activity;sid:84475695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.78.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612591/; classtype:trojan-activity;sid:84475691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.129.90.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612567/; classtype:trojan-activity;sid:84475667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612531/; classtype:trojan-activity;sid:84475631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.226.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612526/; classtype:trojan-activity;sid:84475626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612438)"; flow:established,from_client; content:"GET"; http_method; content:"/tuesdaycumday.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612438/; classtype:trojan-activity;sid:84475538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612436)"; flow:established,from_client; content:"GET"; http_method; content:"/804zkaql0ai6fbr.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612436/; classtype:trojan-activity;sid:84475536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612435)"; flow:established,from_client; content:"GET"; http_method; content:"/ucoaigy7on5dnxn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612435/; classtype:trojan-activity;sid:84475535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612434)"; flow:established,from_client; content:"GET"; http_method; content:"/y1vrmu2so8u0b5a.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612434/; classtype:trojan-activity;sid:84475534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.163.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612431/; classtype:trojan-activity;sid:84475531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.163.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612429/; classtype:trojan-activity;sid:84475529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612385)"; flow:established,from_client; content:"GET"; http_method; content:"/images/sot/m/git.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"chifacanton.phuyufact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612385/; classtype:trojan-activity;sid:84475485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612384)"; flow:established,from_client; content:"GET"; http_method; content:"/images/sot/b/quickcliq32.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"chifacanton.phuyufact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612384/; classtype:trojan-activity;sid:84475484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612383)"; flow:established,from_client; content:"GET"; http_method; content:"/images/sot/d/cptuxpn.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"chifacanton.phuyufact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612383/; classtype:trojan-activity;sid:84475483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612382)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/py/stubsmtp4.enc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ortopie.phuyufact.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612382/; classtype:trojan-activity;sid:84475482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612374)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/sqnhmrp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612374/; classtype:trojan-activity;sid:84475474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612346)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612346/; classtype:trojan-activity;sid:84475446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612338)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5900855435/yxj9hvg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612338/; classtype:trojan-activity;sid:84475438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612341)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612341/; classtype:trojan-activity;sid:84475441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612342)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612342/; classtype:trojan-activity;sid:84475442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612325/; classtype:trojan-activity;sid:84475425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612321/; classtype:trojan-activity;sid:84475421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612291/; classtype:trojan-activity;sid:84475391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612283)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612283/; classtype:trojan-activity;sid:84475383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612284)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.250.134.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612284/; classtype:trojan-activity;sid:84475384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612274/; classtype:trojan-activity;sid:84475374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612268/; classtype:trojan-activity;sid:84475368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.28.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612251/; classtype:trojan-activity;sid:84475351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.28.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612243/; classtype:trojan-activity;sid:84475343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3612224/; classtype:trojan-activity;sid:84475324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.207.193.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3612021/; classtype:trojan-activity;sid:84475121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.164.102.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611998/; classtype:trojan-activity;sid:84475098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611996/; classtype:trojan-activity;sid:84475096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611994/; classtype:trojan-activity;sid:84475094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611983/; classtype:trojan-activity;sid:84475083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611980/; classtype:trojan-activity;sid:84475080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611978/; classtype:trojan-activity;sid:84475078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611979/; classtype:trojan-activity;sid:84475079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611969/; classtype:trojan-activity;sid:84475069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611964/; classtype:trojan-activity;sid:84475064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611959/; classtype:trojan-activity;sid:84475059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611960/; classtype:trojan-activity;sid:84475060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611954/; classtype:trojan-activity;sid:84475054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611955/; classtype:trojan-activity;sid:84475055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611956/; classtype:trojan-activity;sid:84475056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611957/; classtype:trojan-activity;sid:84475057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611958/; classtype:trojan-activity;sid:84475058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611951/; classtype:trojan-activity;sid:84475051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611952/; classtype:trojan-activity;sid:84475052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611948/; classtype:trojan-activity;sid:84475048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.87.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611949/; classtype:trojan-activity;sid:84475049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.162.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611880/; classtype:trojan-activity;sid:84474980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.162.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611875/; classtype:trojan-activity;sid:84474975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611861)"; flow:established,from_client; content:"GET"; http_method; content:"/kefir1111112123111/free-fire-menu/releases/download/v3.5.5/free-fire-menu-v3.5.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611861/; classtype:trojan-activity;sid:84474961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611796)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"220.94.145.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611796/; classtype:trojan-activity;sid:84474896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611782)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.233.164.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611782/; classtype:trojan-activity;sid:84474882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611747)"; flow:established,from_client; content:"GET"; http_method; content:"/80/bestgiventhingswithbetterwaysbigthingswithurbestwaysgood.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"192.3.177.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611747/; classtype:trojan-activity;sid:84474847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611745)"; flow:established,from_client; content:"GET"; http_method; content:"/jsmondasyscript.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611745/; classtype:trojan-activity;sid:84474845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611744)"; flow:established,from_client; content:"GET"; http_method; content:"/u74238pycpcgn9i.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611744/; classtype:trojan-activity;sid:84474844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611695)"; flow:established,from_client; content:"GET"; http_method; content:"/host/modecrypt.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611695/; classtype:trojan-activity;sid:84474795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611694)"; flow:established,from_client; content:"GET"; http_method; content:"/host/mexxxxnew.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611694/; classtype:trojan-activity;sid:84474794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611692)"; flow:established,from_client; content:"GET"; http_method; content:"/host/mode.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611692/; classtype:trojan-activity;sid:84474792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611659)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611659/; classtype:trojan-activity;sid:84474759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611631)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611631/; classtype:trojan-activity;sid:84474731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611632)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611632/; classtype:trojan-activity;sid:84474732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611634)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611634/; classtype:trojan-activity;sid:84474734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611640)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611640/; classtype:trojan-activity;sid:84474740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611642)"; flow:established,from_client; content:"GET"; http_method; content:"/d/akido.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.50.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611642/; classtype:trojan-activity;sid:84474742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611614)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611614/; classtype:trojan-activity;sid:84474714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611604)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611604/; classtype:trojan-activity;sid:84474704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611605)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611605/; classtype:trojan-activity;sid:84474705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611607)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611607/; classtype:trojan-activity;sid:84474707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611592)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611592/; classtype:trojan-activity;sid:84474692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611593)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611593/; classtype:trojan-activity;sid:84474693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611594)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611594/; classtype:trojan-activity;sid:84474694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611596)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611596/; classtype:trojan-activity;sid:84474696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611597)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611597/; classtype:trojan-activity;sid:84474697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611600)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.224.116.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611600/; classtype:trojan-activity;sid:84474700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.79.85.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611544/; classtype:trojan-activity;sid:84474644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.79.85.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_26; reference:url, urlhaus.abuse.ch/url/3611529/; classtype:trojan-activity;sid:84474629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611469)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.84.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611469/; classtype:trojan-activity;sid:84474569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611463)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.243.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611463/; classtype:trojan-activity;sid:84474563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.198.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611456/; classtype:trojan-activity;sid:84474556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.171.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611448/; classtype:trojan-activity;sid:84474548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.124.94.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611449/; classtype:trojan-activity;sid:84474549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611446)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.174.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611446/; classtype:trojan-activity;sid:84474546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.171.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611437/; classtype:trojan-activity;sid:84474537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611349)"; flow:established,from_client; content:"GET"; http_method; content:"/lomnksmb3nx1vns.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611349/; classtype:trojan-activity;sid:84474449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611348)"; flow:established,from_client; content:"GET"; http_method; content:"/k0sdeyezv4jcsom.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611348/; classtype:trojan-activity;sid:84474448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611347)"; flow:established,from_client; content:"GET"; http_method; content:"/pqxiq6ur83thcnx.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611347/; classtype:trojan-activity;sid:84474447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611346)"; flow:established,from_client; content:"GET"; http_method; content:"/mondscript.vbs"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.174.212.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611346/; classtype:trojan-activity;sid:84474446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611290)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611290/; classtype:trojan-activity;sid:84474390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611288)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611288/; classtype:trojan-activity;sid:84474388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611287)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611287/; classtype:trojan-activity;sid:84474387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611143)"; flow:established,from_client; content:"GET"; http_method; content:"/host/mex.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611143/; classtype:trojan-activity;sid:84474243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611142)"; flow:established,from_client; content:"GET"; http_method; content:"/host/easyproton.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611142/; classtype:trojan-activity;sid:84474242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611138)"; flow:established,from_client; content:"GET"; http_method; content:"/host/mexxxxx.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611138/; classtype:trojan-activity;sid:84474238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611139)"; flow:established,from_client; content:"GET"; http_method; content:"/host/proton.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611139/; classtype:trojan-activity;sid:84474239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611137)"; flow:established,from_client; content:"GET"; http_method; content:"/host/obfuscated%20(21).rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.73.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611137/; classtype:trojan-activity;sid:84474237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611119)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611119/; classtype:trojan-activity;sid:84474219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.21.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610906/; classtype:trojan-activity;sid:84474006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.21.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610902/; classtype:trojan-activity;sid:84474002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610901/; classtype:trojan-activity;sid:84474001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610882/; classtype:trojan-activity;sid:84473982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610873)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610873/; classtype:trojan-activity;sid:84473973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610870)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610870/; classtype:trojan-activity;sid:84473970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610869)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610869/; classtype:trojan-activity;sid:84473969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610868)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610868/; classtype:trojan-activity;sid:84473968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610865)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610865/; classtype:trojan-activity;sid:84473965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610834)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610834/; classtype:trojan-activity;sid:84473934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610830)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610830/; classtype:trojan-activity;sid:84473930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610832)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610832/; classtype:trojan-activity;sid:84473932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610829)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610829/; classtype:trojan-activity;sid:84473929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610828)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610828/; classtype:trojan-activity;sid:84473928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610764)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610764/; classtype:trojan-activity;sid:84473864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610736)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.192.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610736/; classtype:trojan-activity;sid:84473836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610729)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.254.201.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610729/; classtype:trojan-activity;sid:84473829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.162.61.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610725/; classtype:trojan-activity;sid:84473825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610722)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610722/; classtype:trojan-activity;sid:84473822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.0.100"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610712/; classtype:trojan-activity;sid:84473812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610706)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610706/; classtype:trojan-activity;sid:84473806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.103.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610697/; classtype:trojan-activity;sid:84473797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.150.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610701/; classtype:trojan-activity;sid:84473801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.251.236.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610704/; classtype:trojan-activity;sid:84473804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610687/; classtype:trojan-activity;sid:84473787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.22.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610672/; classtype:trojan-activity;sid:84473772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610655)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610655/; classtype:trojan-activity;sid:84473755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610656)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610656/; classtype:trojan-activity;sid:84473756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610657)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610657/; classtype:trojan-activity;sid:84473757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610652)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610652/; classtype:trojan-activity;sid:84473752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610649)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610649/; classtype:trojan-activity;sid:84473749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610643)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/soul.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610643/; classtype:trojan-activity;sid:84473743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.22.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610642/; classtype:trojan-activity;sid:84473742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610638)"; flow:established,from_client; content:"GET"; http_method; content:"/soul.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610638/; classtype:trojan-activity;sid:84473738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610609)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.3.177.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610609/; classtype:trojan-activity;sid:84473709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/optimized_msi.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610608/; classtype:trojan-activity;sid:84473708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610601/; classtype:trojan-activity;sid:84473701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610495)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610495/; classtype:trojan-activity;sid:84473595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.131.90.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610256/; classtype:trojan-activity;sid:84473356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610143)"; flow:established,from_client; content:"GET"; http_method; content:"/dr.html"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.33.235.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610143/; classtype:trojan-activity;sid:84473243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610135)"; flow:established,from_client; content:"GET"; http_method; content:"/sealsuite_update"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.133.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610135/; classtype:trojan-activity;sid:84473235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%ae%80%e5%8e%86-%e9%83%91%e5%ae%8f%e6%b6%9b-%e6%b8%85%e5%8d%8e%e5%a4%a7%e5%ad%a6.dotm"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"60.204.169.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610133/; classtype:trojan-activity;sid:84473233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610130)"; flow:established,from_client; content:"GET"; http_method; content:"/certinstallrun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.253.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610130/; classtype:trojan-activity;sid:84473230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610047)"; flow:established,from_client; content:"GET"; http_method; content:"/poshc2-9.0.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.245.225.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610047/; classtype:trojan-activity;sid:84473147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610039)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610039/; classtype:trojan-activity;sid:84473139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610038)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610038/; classtype:trojan-activity;sid:84473138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610037)"; flow:established,from_client; content:"GET"; http_method; content:"/script2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610037/; classtype:trojan-activity;sid:84473137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609938)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609938/; classtype:trojan-activity;sid:84473038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609931)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609931/; classtype:trojan-activity;sid:84473031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609932)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609932/; classtype:trojan-activity;sid:84473032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609933)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609933/; classtype:trojan-activity;sid:84473033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609934)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609934/; classtype:trojan-activity;sid:84473034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609935)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609935/; classtype:trojan-activity;sid:84473035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609936)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609936/; classtype:trojan-activity;sid:84473036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609927)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.evoribusiness.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609927/; classtype:trojan-activity;sid:84473027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609922)"; flow:established,from_client; content:"GET"; http_method; content:"/revmtr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609922/; classtype:trojan-activity;sid:84473022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609921)"; flow:established,from_client; content:"GET"; http_method; content:"/cowroot"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609921/; classtype:trojan-activity;sid:84473021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609920)"; flow:established,from_client; content:"GET"; http_method; content:"/hw_ng"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609920/; classtype:trojan-activity;sid:84473020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609918)"; flow:established,from_client; content:"GET"; http_method; content:"/haywire_linux_mtls"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609918/; classtype:trojan-activity;sid:84473018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609919)"; flow:established,from_client; content:"GET"; http_method; content:"/haywire_win.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609919/; classtype:trojan-activity;sid:84473019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609917)"; flow:established,from_client; content:"GET"; http_method; content:"/haywire"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609917/; classtype:trojan-activity;sid:84473017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609915)"; flow:established,from_client; content:"GET"; http_method; content:"/dirty.c"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609915/; classtype:trojan-activity;sid:84473015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609916)"; flow:established,from_client; content:"GET"; http_method; content:"/traitor-amd64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609916/; classtype:trojan-activity;sid:84473016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609912)"; flow:established,from_client; content:"GET"; http_method; content:"/payjok"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609912/; classtype:trojan-activity;sid:84473012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609913)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609913/; classtype:trojan-activity;sid:84473013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609914)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.81.132.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609914/; classtype:trojan-activity;sid:84473014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609803/; classtype:trojan-activity;sid:84472903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609801)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609801/; classtype:trojan-activity;sid:84472901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609797)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609797/; classtype:trojan-activity;sid:84472897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609791)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609791/; classtype:trojan-activity;sid:84472891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609785)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609785/; classtype:trojan-activity;sid:84472885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609786)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609786/; classtype:trojan-activity;sid:84472886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609768)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609768/; classtype:trojan-activity;sid:84472868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609762)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609762/; classtype:trojan-activity;sid:84472862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609761)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609761/; classtype:trojan-activity;sid:84472861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609758)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609758/; classtype:trojan-activity;sid:84472858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609757)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609757/; classtype:trojan-activity;sid:84472857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609752)"; flow:established,from_client; content:"GET"; http_method; content:"/csky"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609752/; classtype:trojan-activity;sid:84472852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609753)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609753/; classtype:trojan-activity;sid:84472853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609754)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609754/; classtype:trojan-activity;sid:84472854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609756)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609756/; classtype:trojan-activity;sid:84472856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609751)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609751/; classtype:trojan-activity;sid:84472851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609748)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609748/; classtype:trojan-activity;sid:84472848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609741/; classtype:trojan-activity;sid:84472841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609700)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"blackhatusa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609700/; classtype:trojan-activity;sid:84472800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609628)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609628/; classtype:trojan-activity;sid:84472728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.184.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609561/; classtype:trojan-activity;sid:84472661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609518/; classtype:trojan-activity;sid:84472618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609519/; classtype:trojan-activity;sid:84472619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609520/; classtype:trojan-activity;sid:84472620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609505/; classtype:trojan-activity;sid:84472605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609506/; classtype:trojan-activity;sid:84472606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609508/; classtype:trojan-activity;sid:84472608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609509/; classtype:trojan-activity;sid:84472609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609512/; classtype:trojan-activity;sid:84472612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609513/; classtype:trojan-activity;sid:84472613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609515/; classtype:trojan-activity;sid:84472615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.138.16.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609501/; classtype:trojan-activity;sid:84472601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609394)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%81%92%e5%a4%a9%e7%91%9e%e8%ae%af3.4.2.52.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"118.244.192.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609394/; classtype:trojan-activity;sid:84472494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609365)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/dllldr.x64.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"146.70.113.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609365/; classtype:trojan-activity;sid:84472465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.29.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609297/; classtype:trojan-activity;sid:84472397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609282)"; flow:established,from_client; content:"GET"; http_method; content:"/neu4fxbaeiuz1pm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609282/; classtype:trojan-activity;sid:84472382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609281)"; flow:established,from_client; content:"GET"; http_method; content:"/wqavv4cepkmiwff.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609281/; classtype:trojan-activity;sid:84472381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609280)"; flow:established,from_client; content:"GET"; http_method; content:"/zixkmohxex386yt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609280/; classtype:trojan-activity;sid:84472380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609271)"; flow:established,from_client; content:"GET"; http_method; content:"/qoeifepnh7u3h8w.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609271/; classtype:trojan-activity;sid:84472371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.164.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609220/; classtype:trojan-activity;sid:84472320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609204)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609204/; classtype:trojan-activity;sid:84472304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609203)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609203/; classtype:trojan-activity;sid:84472303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609151)"; flow:established,from_client; content:"GET"; http_method; content:"/files/newera.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.100.150.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609151/; classtype:trojan-activity;sid:84472251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609150/; classtype:trojan-activity;sid:84472250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609043)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609043/; classtype:trojan-activity;sid:84472143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609042)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609042/; classtype:trojan-activity;sid:84472142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609041)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609041/; classtype:trojan-activity;sid:84472141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609040)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609040/; classtype:trojan-activity;sid:84472140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609039)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609039/; classtype:trojan-activity;sid:84472139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609018)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609018/; classtype:trojan-activity;sid:84472118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.63.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608988/; classtype:trojan-activity;sid:84472088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608977)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608977/; classtype:trojan-activity;sid:84472077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608984)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608984/; classtype:trojan-activity;sid:84472084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608976)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608976/; classtype:trojan-activity;sid:84472076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608972)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608972/; classtype:trojan-activity;sid:84472072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608970)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608970/; classtype:trojan-activity;sid:84472070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608960)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608960/; classtype:trojan-activity;sid:84472060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608961)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608961/; classtype:trojan-activity;sid:84472061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608962)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608962/; classtype:trojan-activity;sid:84472062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608963)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608963/; classtype:trojan-activity;sid:84472063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608964)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608964/; classtype:trojan-activity;sid:84472064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608966)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608966/; classtype:trojan-activity;sid:84472066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608946)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608946/; classtype:trojan-activity;sid:84472046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608947)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.73.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608947/; classtype:trojan-activity;sid:84472047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608523)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/video.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608523/; classtype:trojan-activity;sid:84471623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608516)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/photo.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608516/; classtype:trojan-activity;sid:84471616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608507)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608507/; classtype:trojan-activity;sid:84471607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608508)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608508/; classtype:trojan-activity;sid:84471608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608509)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608509/; classtype:trojan-activity;sid:84471609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608510)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608510/; classtype:trojan-activity;sid:84471610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608512)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/video.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608512/; classtype:trojan-activity;sid:84471612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608514)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/photo.scr"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608514/; classtype:trojan-activity;sid:84471614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608504/; classtype:trojan-activity;sid:84471604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608505)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/windowsinstaller4_5/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608505/; classtype:trojan-activity;sid:84471605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608502)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/photo.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608502/; classtype:trojan-activity;sid:84471602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608501)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608501/; classtype:trojan-activity;sid:84471601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608499)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/video.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608499/; classtype:trojan-activity;sid:84471599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608498)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/photo.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608498/; classtype:trojan-activity;sid:84471598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608489)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608489/; classtype:trojan-activity;sid:84471589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608490)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608490/; classtype:trojan-activity;sid:84471590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608494)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/photo.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608494/; classtype:trojan-activity;sid:84471594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608495)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/av.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608495/; classtype:trojan-activity;sid:84471595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608485)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608485/; classtype:trojan-activity;sid:84471585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608477)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/photo.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608477/; classtype:trojan-activity;sid:84471577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608478)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/video.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608478/; classtype:trojan-activity;sid:84471578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608480)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608480/; classtype:trojan-activity;sid:84471580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608473)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/video.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608473/; classtype:trojan-activity;sid:84471573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608468)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/av.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608468/; classtype:trojan-activity;sid:84471568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608469)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/photo.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608469/; classtype:trojan-activity;sid:84471569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608462)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608462/; classtype:trojan-activity;sid:84471562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608458)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.239.7.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608458/; classtype:trojan-activity;sid:84471558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608451)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608451/; classtype:trojan-activity;sid:84471551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608452)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608452/; classtype:trojan-activity;sid:84471552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608453)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/av.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608453/; classtype:trojan-activity;sid:84471553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608448)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/photo.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608448/; classtype:trojan-activity;sid:84471548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608449)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/photo.scr"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608449/; classtype:trojan-activity;sid:84471549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608444)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/av.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608444/; classtype:trojan-activity;sid:84471544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608445)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/av.lnk"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608445/; classtype:trojan-activity;sid:84471545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608217)"; flow:established,from_client; content:"GET"; http_method; content:"/bookvita.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"171.22.16.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608217/; classtype:trojan-activity;sid:84471317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608109)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"155.94.153.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608109/; classtype:trojan-activity;sid:84471209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.231.176.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608100/; classtype:trojan-activity;sid:84471200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.113.230.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608094/; classtype:trojan-activity;sid:84471194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608092)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"219.161.126.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608092/; classtype:trojan-activity;sid:84471192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608089)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.153.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608089/; classtype:trojan-activity;sid:84471189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608047)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608047/; classtype:trojan-activity;sid:84471147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608045)"; flow:established,from_client; content:"GET"; http_method; content:"/random.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.100.150.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608045/; classtype:trojan-activity;sid:84471145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608040)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608040/; classtype:trojan-activity;sid:84471140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608041)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608041/; classtype:trojan-activity;sid:84471141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608042)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608042/; classtype:trojan-activity;sid:84471142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608043)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608043/; classtype:trojan-activity;sid:84471143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608039)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608039/; classtype:trojan-activity;sid:84471139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608038)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608038/; classtype:trojan-activity;sid:84471138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608036)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608036/; classtype:trojan-activity;sid:84471136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608037)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608037/; classtype:trojan-activity;sid:84471137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608001)"; flow:established,from_client; content:"GET"; http_method; content:"/~topmedsolutionco/wp-includes/images/media/resultats-damadeus-benefit-2025.scr"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"topmedsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608001/; classtype:trojan-activity;sid:84471101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607967)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607967/; classtype:trojan-activity;sid:84471067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; content:"GET"; http_method; content:"/ntchuy/hack/refs/heads/main/client.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607962)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607962/; classtype:trojan-activity;sid:84471062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607963)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607963/; classtype:trojan-activity;sid:84471063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607833)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607833/; classtype:trojan-activity;sid:84470933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607834)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607834/; classtype:trojan-activity;sid:84470934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607831)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607831/; classtype:trojan-activity;sid:84470931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607832)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607832/; classtype:trojan-activity;sid:84470932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607828)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607828/; classtype:trojan-activity;sid:84470928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607829)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607829/; classtype:trojan-activity;sid:84470929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607830)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607830/; classtype:trojan-activity;sid:84470930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607827)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607827/; classtype:trojan-activity;sid:84470927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607826)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607826/; classtype:trojan-activity;sid:84470926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607821)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607821/; classtype:trojan-activity;sid:84470921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607822)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607822/; classtype:trojan-activity;sid:84470922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607823)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607823/; classtype:trojan-activity;sid:84470923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607824)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607824/; classtype:trojan-activity;sid:84470924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607825)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607825/; classtype:trojan-activity;sid:84470925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607819)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607819/; classtype:trojan-activity;sid:84470919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607820)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"codingvix.win"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607820/; classtype:trojan-activity;sid:84470920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607742/; classtype:trojan-activity;sid:84470842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607729/; classtype:trojan-activity;sid:84470829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607719)"; flow:established,from_client; content:"GET"; http_method; content:"/cl6mvifagtatx0e.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607719/; classtype:trojan-activity;sid:84470819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607718)"; flow:established,from_client; content:"GET"; http_method; content:"/v0b6v2v1edzvbyd.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607718/; classtype:trojan-activity;sid:84470818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607698)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607698/; classtype:trojan-activity;sid:84470798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607694)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607694/; classtype:trojan-activity;sid:84470794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607696)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607696/; classtype:trojan-activity;sid:84470796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607644)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx27099"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607644/; classtype:trojan-activity;sid:84470744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607631)"; flow:established,from_client; content:"GET"; http_method; content:"/1/xodeo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"onedomainpro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607631/; classtype:trojan-activity;sid:84470731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607636)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607636/; classtype:trojan-activity;sid:84470736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607614)"; flow:established,from_client; content:"GET"; http_method; content:"/d/leopold60656"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607614/; classtype:trojan-activity;sid:84470714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607615)"; flow:established,from_client; content:"GET"; http_method; content:"/otherassets/ledger.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607615/; classtype:trojan-activity;sid:84470715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607511/; classtype:trojan-activity;sid:84470611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607507/; classtype:trojan-activity;sid:84470607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607492)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607492/; classtype:trojan-activity;sid:84470592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607426)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|file=999.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607426/; classtype:trojan-activity;sid:84470526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607420)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/rent7wg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607420/; classtype:trojan-activity;sid:84470520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607407)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/tse2e3k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607407/; classtype:trojan-activity;sid:84470507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607398)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607398/; classtype:trojan-activity;sid:84470498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607394)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607394/; classtype:trojan-activity;sid:84470494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607393)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607393/; classtype:trojan-activity;sid:84470493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.105.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607358/; classtype:trojan-activity;sid:84470458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607353)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.206.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607353/; classtype:trojan-activity;sid:84470453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.158.206.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607344/; classtype:trojan-activity;sid:84470444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.130.29.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607341/; classtype:trojan-activity;sid:84470441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607248)"; flow:established,from_client; content:"GET"; http_method; content:"/letter_of_invitation.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"146.70.113.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607248/; classtype:trojan-activity;sid:84470348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607246)"; flow:established,from_client; content:"GET"; http_method; content:"/gabeeeeeesd/solaraexecutor/raw/refs/heads/main/solara%20v3.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607246/; classtype:trojan-activity;sid:84470346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607166)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"woop-bicks.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607166/; classtype:trojan-activity;sid:84470266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607108)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607108/; classtype:trojan-activity;sid:84470208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607110)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607110/; classtype:trojan-activity;sid:84470210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607112)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607112/; classtype:trojan-activity;sid:84470212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607072)"; flow:established,from_client; content:"GET"; http_method; content:"/ipcam.tplink.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607072/; classtype:trojan-activity;sid:84470172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607037/; classtype:trojan-activity;sid:84470137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visualwikicloud.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"58.187.175.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606807/; classtype:trojan-activity;sid:84469907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606808)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.113.193.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606808/; classtype:trojan-activity;sid:84469908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.164.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606763/; classtype:trojan-activity;sid:84469863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606686)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"revise-akmo.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606686/; classtype:trojan-activity;sid:84469786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606681)"; flow:established,from_client; content:"GET"; http_method; content:"/d/kin54042"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606681/; classtype:trojan-activity;sid:84469781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606594)"; flow:established,from_client; content:"GET"; http_method; content:"/09cjp5ya4tywyyr.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606594/; classtype:trojan-activity;sid:84469694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606591)"; flow:established,from_client; content:"GET"; http_method; content:"/nuhgxh078wtth5l.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606591/; classtype:trojan-activity;sid:84469691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606590)"; flow:established,from_client; content:"GET"; http_method; content:"/esdhkcbwgnuemau.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606590/; classtype:trojan-activity;sid:84469690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606414)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606414/; classtype:trojan-activity;sid:84469514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606412)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606412/; classtype:trojan-activity;sid:84469512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606413)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606413/; classtype:trojan-activity;sid:84469513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606411)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606411/; classtype:trojan-activity;sid:84469511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606407)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606407/; classtype:trojan-activity;sid:84469507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606408/; classtype:trojan-activity;sid:84469508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606410)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606410/; classtype:trojan-activity;sid:84469510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606406)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606406/; classtype:trojan-activity;sid:84469506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606405)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606405/; classtype:trojan-activity;sid:84469505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606397)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606397/; classtype:trojan-activity;sid:84469497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606398)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606398/; classtype:trojan-activity;sid:84469498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606399)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606399/; classtype:trojan-activity;sid:84469499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606400)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606400/; classtype:trojan-activity;sid:84469500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606401)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606401/; classtype:trojan-activity;sid:84469501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606402)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606402/; classtype:trojan-activity;sid:84469502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606403)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606403/; classtype:trojan-activity;sid:84469503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606404/; classtype:trojan-activity;sid:84469504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606396)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606396/; classtype:trojan-activity;sid:84469496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606216)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606216/; classtype:trojan-activity;sid:84469316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606215)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606215/; classtype:trojan-activity;sid:84469315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606212)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606212/; classtype:trojan-activity;sid:84469312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606203)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606203/; classtype:trojan-activity;sid:84469303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606204)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606204/; classtype:trojan-activity;sid:84469304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606205)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606205/; classtype:trojan-activity;sid:84469305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606206)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606206/; classtype:trojan-activity;sid:84469306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606207)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606207/; classtype:trojan-activity;sid:84469307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606209)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606209/; classtype:trojan-activity;sid:84469309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606211)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606211/; classtype:trojan-activity;sid:84469311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606202)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606202/; classtype:trojan-activity;sid:84469302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605990)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.208.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605990/; classtype:trojan-activity;sid:84469090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605992)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.102.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605992/; classtype:trojan-activity;sid:84469092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605993)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.187.25.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605993/; classtype:trojan-activity;sid:84469093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.98.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605981/; classtype:trojan-activity;sid:84469081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.227.132.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605936/; classtype:trojan-activity;sid:84469036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605934)"; flow:established,from_client; content:"GET"; http_method; content:"/milkrun/work_approval_pdf3.clientsetup.msi"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"scanwellhaulage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605934/; classtype:trojan-activity;sid:84469034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.227.132.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605929/; classtype:trojan-activity;sid:84469029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605878)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"130.61.147.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605878/; classtype:trojan-activity;sid:84468978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605815)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605815/; classtype:trojan-activity;sid:84468915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605814)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605814/; classtype:trojan-activity;sid:84468914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605813)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605813/; classtype:trojan-activity;sid:84468913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605812)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605812/; classtype:trojan-activity;sid:84468912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605801)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605801/; classtype:trojan-activity;sid:84468901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605803)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605803/; classtype:trojan-activity;sid:84468903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605804)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605804/; classtype:trojan-activity;sid:84468904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605806)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605806/; classtype:trojan-activity;sid:84468906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605807)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605807/; classtype:trojan-activity;sid:84468907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605797)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605797/; classtype:trojan-activity;sid:84468897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605788)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605788/; classtype:trojan-activity;sid:84468888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605787)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605787/; classtype:trojan-activity;sid:84468887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605786)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605786/; classtype:trojan-activity;sid:84468886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605783)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605783/; classtype:trojan-activity;sid:84468883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605782)"; flow:established,from_client; content:"GET"; http_method; content:"/f7ehhfaddsk/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605782/; classtype:trojan-activity;sid:84468882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605778)"; flow:established,from_client; content:"GET"; http_method; content:"/f7ehhfaddsk/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605778/; classtype:trojan-activity;sid:84468878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605779)"; flow:established,from_client; content:"GET"; http_method; content:"/f7ehhfaddsk/plugins/vnc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605779/; classtype:trojan-activity;sid:84468879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605775)"; flow:established,from_client; content:"GET"; http_method; content:"/f7ehhfaddsk/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605775/; classtype:trojan-activity;sid:84468875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605776)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605776/; classtype:trojan-activity;sid:84468876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605764)"; flow:established,from_client; content:"GET"; http_method; content:"/e3jv8fs9b/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.85.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605764/; classtype:trojan-activity;sid:84468864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605766)"; flow:established,from_client; content:"GET"; http_method; content:"/e3jv8fs9b/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.85.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605766/; classtype:trojan-activity;sid:84468866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605761)"; flow:established,from_client; content:"GET"; http_method; content:"/e3jv8fs9b/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.85.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605761/; classtype:trojan-activity;sid:84468861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605757)"; flow:established,from_client; content:"GET"; http_method; content:"/g7hen3xxf/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605757/; classtype:trojan-activity;sid:84468857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605756)"; flow:established,from_client; content:"GET"; http_method; content:"/g7hen3xxf/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605756/; classtype:trojan-activity;sid:84468856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605755)"; flow:established,from_client; content:"GET"; http_method; content:"/g7hen3xxf/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605755/; classtype:trojan-activity;sid:84468855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605754)"; flow:established,from_client; content:"GET"; http_method; content:"/g7hen3xxf/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605754/; classtype:trojan-activity;sid:84468854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.10.2.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605689/; classtype:trojan-activity;sid:84468789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605692/; classtype:trojan-activity;sid:84468792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605590)"; flow:established,from_client; content:"GET"; http_method; content:"/g7hen3xxf/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605590/; classtype:trojan-activity;sid:84468690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.64.134.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605587/; classtype:trojan-activity;sid:84468687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605380)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605380/; classtype:trojan-activity;sid:84468480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605379)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605379/; classtype:trojan-activity;sid:84468479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605378)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605378/; classtype:trojan-activity;sid:84468478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605370)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605370/; classtype:trojan-activity;sid:84468470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605371)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605371/; classtype:trojan-activity;sid:84468471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605372)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605372/; classtype:trojan-activity;sid:84468472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605373)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605373/; classtype:trojan-activity;sid:84468473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605374)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605374/; classtype:trojan-activity;sid:84468474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605375)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605375/; classtype:trojan-activity;sid:84468475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605376)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605376/; classtype:trojan-activity;sid:84468476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605377)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605377/; classtype:trojan-activity;sid:84468477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605368)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605368/; classtype:trojan-activity;sid:84468468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605369)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.252.89.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605369/; classtype:trojan-activity;sid:84468469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.166.218.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605364/; classtype:trojan-activity;sid:84468464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.39.183.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605346/; classtype:trojan-activity;sid:84468446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605083/; classtype:trojan-activity;sid:84468183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605078/; classtype:trojan-activity;sid:84468178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.64.134.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605035/; classtype:trojan-activity;sid:84468135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604953)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604953/; classtype:trojan-activity;sid:84468053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604944)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604944/; classtype:trojan-activity;sid:84468044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604951)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604951/; classtype:trojan-activity;sid:84468051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604942)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604942/; classtype:trojan-activity;sid:84468042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604936)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604936/; classtype:trojan-activity;sid:84468036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604937)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604937/; classtype:trojan-activity;sid:84468037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604931)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604931/; classtype:trojan-activity;sid:84468031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604932)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604932/; classtype:trojan-activity;sid:84468032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604933)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604933/; classtype:trojan-activity;sid:84468033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604924)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604924/; classtype:trojan-activity;sid:84468024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604922)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604922/; classtype:trojan-activity;sid:84468022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604923)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604923/; classtype:trojan-activity;sid:84468023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604881)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.200.193.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604881/; classtype:trojan-activity;sid:84467981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; content:"GET"; http_method; content:"/keepon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604878)"; flow:established,from_client; content:"GET"; http_method; content:"/iceland.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadtree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604878/; classtype:trojan-activity;sid:84467978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.2.227.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604743/; classtype:trojan-activity;sid:84467843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604734/; classtype:trojan-activity;sid:84467834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.72.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604725/; classtype:trojan-activity;sid:84467825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604727)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.132.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604727/; classtype:trojan-activity;sid:84467827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604272)"; flow:established,from_client; content:"GET"; http_method; content:"/.ini/helper.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"4.228.56.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604272/; classtype:trojan-activity;sid:84467372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604271)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/adobeupdate.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604271/; classtype:trojan-activity;sid:84467371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604270)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/l8825.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604270/; classtype:trojan-activity;sid:84467370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604269)"; flow:established,from_client; content:"GET"; http_method; content:"/.ini/file.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4.228.56.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604269/; classtype:trojan-activity;sid:84467369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604264)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.184.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604264/; classtype:trojan-activity;sid:84467364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.250.48.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604244/; classtype:trojan-activity;sid:84467344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.217.165.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604242/; classtype:trojan-activity;sid:84467342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.149.36.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604235/; classtype:trojan-activity;sid:84467335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604190)"; flow:established,from_client; content:"GET"; http_method; content:"/n/vs_buildtools.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"198.46.142.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604190/; classtype:trojan-activity;sid:84467290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604177)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"domainweel.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604177/; classtype:trojan-activity;sid:84467277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604156/; classtype:trojan-activity;sid:84467256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604091)"; flow:established,from_client; content:"GET"; http_method; content:"/64/64th%20service%20v20.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"64-agd.pages.dev"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604091/; classtype:trojan-activity;sid:84467191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604058/; classtype:trojan-activity;sid:84467158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604048/; classtype:trojan-activity;sid:84467148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604017)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604017/; classtype:trojan-activity;sid:84467117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604016)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604016/; classtype:trojan-activity;sid:84467116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604011)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604011/; classtype:trojan-activity;sid:84467111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604012)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604012/; classtype:trojan-activity;sid:84467112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604013)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604013/; classtype:trojan-activity;sid:84467113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604014)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604014/; classtype:trojan-activity;sid:84467114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604015)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604015/; classtype:trojan-activity;sid:84467115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604010)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604010/; classtype:trojan-activity;sid:84467110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604002)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604002/; classtype:trojan-activity;sid:84467102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604003)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604003/; classtype:trojan-activity;sid:84467103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604004)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604004/; classtype:trojan-activity;sid:84467104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604005)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604005/; classtype:trojan-activity;sid:84467105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604006)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604006/; classtype:trojan-activity;sid:84467106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604007)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604007/; classtype:trojan-activity;sid:84467107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604008)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604008/; classtype:trojan-activity;sid:84467108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604009)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604009/; classtype:trojan-activity;sid:84467109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603996)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603996/; classtype:trojan-activity;sid:84467096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603997)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603997/; classtype:trojan-activity;sid:84467097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603998)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603998/; classtype:trojan-activity;sid:84467098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603999)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603999/; classtype:trojan-activity;sid:84467099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604000)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604000/; classtype:trojan-activity;sid:84467100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604001)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604001/; classtype:trojan-activity;sid:84467101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603995)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnetszx.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603995/; classtype:trojan-activity;sid:84467095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603993)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603993/; classtype:trojan-activity;sid:84467093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603994)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603994/; classtype:trojan-activity;sid:84467094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603964)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603964/; classtype:trojan-activity;sid:84467064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603967)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603967/; classtype:trojan-activity;sid:84467067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603968)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603968/; classtype:trojan-activity;sid:84467068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603971)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603971/; classtype:trojan-activity;sid:84467071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603956)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.170.123.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603956/; classtype:trojan-activity;sid:84467056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603900)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603900/; classtype:trojan-activity;sid:84467000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603165)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.125.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603165/; classtype:trojan-activity;sid:84466265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.167.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603163/; classtype:trojan-activity;sid:84466263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.125.81.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603140/; classtype:trojan-activity;sid:84466240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603049)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603049/; classtype:trojan-activity;sid:84466149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603048)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.mpsl"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603048/; classtype:trojan-activity;sid:84466148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603047)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm7"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603047/; classtype:trojan-activity;sid:84466147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603045)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.mips"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603045/; classtype:trojan-activity;sid:84466145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603046)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603046/; classtype:trojan-activity;sid:84466146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603042)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.m68k"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603042/; classtype:trojan-activity;sid:84466142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603043)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.spc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603043/; classtype:trojan-activity;sid:84466143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603038)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm6"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603038/; classtype:trojan-activity;sid:84466138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603039)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.ppc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603039/; classtype:trojan-activity;sid:84466139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603040)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.x86"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603040/; classtype:trojan-activity;sid:84466140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603041)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.sh4"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603041/; classtype:trojan-activity;sid:84466141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603037)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/ohshit.sh"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603037/; classtype:trojan-activity;sid:84466137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.254.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603033/; classtype:trojan-activity;sid:84466133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.254.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602987/; classtype:trojan-activity;sid:84466087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602932)"; flow:established,from_client; content:"GET"; http_method; content:"/ruldsivul4badsr.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602932/; classtype:trojan-activity;sid:84466032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602931)"; flow:established,from_client; content:"GET"; http_method; content:"/6b3te5tj6otjbik.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602931/; classtype:trojan-activity;sid:84466031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602927)"; flow:established,from_client; content:"GET"; http_method; content:"/grycdq6qdnaztix.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602927/; classtype:trojan-activity;sid:84466027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602926)"; flow:established,from_client; content:"GET"; http_method; content:"/j6cpnjk37bjjm7u.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602926/; classtype:trojan-activity;sid:84466026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602924)"; flow:established,from_client; content:"GET"; http_method; content:"/pwqumlzvxrdywgv.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602924/; classtype:trojan-activity;sid:84466024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602921)"; flow:established,from_client; content:"GET"; http_method; content:"/c91kmsh9sq05mdr.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602921/; classtype:trojan-activity;sid:84466021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602898)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602898/; classtype:trojan-activity;sid:84465998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602897)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602897/; classtype:trojan-activity;sid:84465997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; content:"GET"; http_method; content:"/scanubs9420625fpdf.7z"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"access.skaparade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602123)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602123/; classtype:trojan-activity;sid:84465223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602110)"; flow:established,from_client; content:"GET"; http_method; content:"/z/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602110/; classtype:trojan-activity;sid:84465210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602109)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602109/; classtype:trojan-activity;sid:84465209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602108)"; flow:established,from_client; content:"GET"; http_method; content:"/z/asd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602108/; classtype:trojan-activity;sid:84465208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602107)"; flow:established,from_client; content:"GET"; http_method; content:"/z/fdgsfg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602107/; classtype:trojan-activity;sid:84465207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602106)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602106/; classtype:trojan-activity;sid:84465206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602100)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602100/; classtype:trojan-activity;sid:84465200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602101)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602101/; classtype:trojan-activity;sid:84465201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602102)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602102/; classtype:trojan-activity;sid:84465202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602103)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602103/; classtype:trojan-activity;sid:84465203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602105)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602105/; classtype:trojan-activity;sid:84465205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602094)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602094/; classtype:trojan-activity;sid:84465194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602095)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602095/; classtype:trojan-activity;sid:84465195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602096)"; flow:established,from_client; content:"GET"; http_method; content:"/z/adb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602096/; classtype:trojan-activity;sid:84465196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602097)"; flow:established,from_client; content:"GET"; http_method; content:"/z/av.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602097/; classtype:trojan-activity;sid:84465197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602098)"; flow:established,from_client; content:"GET"; http_method; content:"/z/test.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602098/; classtype:trojan-activity;sid:84465198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602099)"; flow:established,from_client; content:"GET"; http_method; content:"/z/jaws"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602099/; classtype:trojan-activity;sid:84465199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602090)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602090/; classtype:trojan-activity;sid:84465190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602091)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602091/; classtype:trojan-activity;sid:84465191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602092)"; flow:established,from_client; content:"GET"; http_method; content:"/z/g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602092/; classtype:trojan-activity;sid:84465192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602093)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ipc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602093/; classtype:trojan-activity;sid:84465193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602085)"; flow:established,from_client; content:"GET"; http_method; content:"/z/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602085/; classtype:trojan-activity;sid:84465185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602086)"; flow:established,from_client; content:"GET"; http_method; content:"/ru.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602086/; classtype:trojan-activity;sid:84465186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602071)"; flow:established,from_client; content:"GET"; http_method; content:"/z/vc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602071/; classtype:trojan-activity;sid:84465171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602072)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602072/; classtype:trojan-activity;sid:84465172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602073)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602073/; classtype:trojan-activity;sid:84465173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602074)"; flow:established,from_client; content:"GET"; http_method; content:"/z/lll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602074/; classtype:trojan-activity;sid:84465174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602075)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602075/; classtype:trojan-activity;sid:84465175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602076)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602076/; classtype:trojan-activity;sid:84465176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602077)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602077/; classtype:trojan-activity;sid:84465177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602078)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602078/; classtype:trojan-activity;sid:84465178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602079)"; flow:established,from_client; content:"GET"; http_method; content:"/z/gocl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602079/; classtype:trojan-activity;sid:84465179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602080)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602080/; classtype:trojan-activity;sid:84465180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602081)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602081/; classtype:trojan-activity;sid:84465181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602082)"; flow:established,from_client; content:"GET"; http_method; content:"/q"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602082/; classtype:trojan-activity;sid:84465182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602083)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602083/; classtype:trojan-activity;sid:84465183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602084)"; flow:established,from_client; content:"GET"; http_method; content:"/z/irz"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602084/; classtype:trojan-activity;sid:84465184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602070)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602070/; classtype:trojan-activity;sid:84465170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602057)"; flow:established,from_client; content:"GET"; http_method; content:"/z/f5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602057/; classtype:trojan-activity;sid:84465157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602058)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602058/; classtype:trojan-activity;sid:84465158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602059)"; flow:established,from_client; content:"GET"; http_method; content:"/z/sdt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602059/; classtype:trojan-activity;sid:84465159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602060)"; flow:established,from_client; content:"GET"; http_method; content:"/z/aaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602060/; classtype:trojan-activity;sid:84465160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602061)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602061/; classtype:trojan-activity;sid:84465161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602062)"; flow:established,from_client; content:"GET"; http_method; content:"/z/fb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602062/; classtype:trojan-activity;sid:84465162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602063)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mag"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602063/; classtype:trojan-activity;sid:84465163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602064)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602064/; classtype:trojan-activity;sid:84465164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602065)"; flow:established,from_client; content:"GET"; http_method; content:"/z/linksys"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602065/; classtype:trojan-activity;sid:84465165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602067)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602067/; classtype:trojan-activity;sid:84465167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602068)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602068/; classtype:trojan-activity;sid:84465168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602054)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ruck"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602054/; classtype:trojan-activity;sid:84465154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602055)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602055/; classtype:trojan-activity;sid:84465155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602056)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602056/; classtype:trojan-activity;sid:84465156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602044)"; flow:established,from_client; content:"GET"; http_method; content:"/z/multi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602044/; classtype:trojan-activity;sid:84465144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602045)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602045/; classtype:trojan-activity;sid:84465145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602046)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602046/; classtype:trojan-activity;sid:84465146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602047/; classtype:trojan-activity;sid:84465147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602048)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602048/; classtype:trojan-activity;sid:84465148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602049)"; flow:established,from_client; content:"GET"; http_method; content:"/z/xaxa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602049/; classtype:trojan-activity;sid:84465149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602050)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602050/; classtype:trojan-activity;sid:84465150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602051)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602051/; classtype:trojan-activity;sid:84465151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602052)"; flow:established,from_client; content:"GET"; http_method; content:"/z/toto"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602052/; classtype:trojan-activity;sid:84465152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602053)"; flow:established,from_client; content:"GET"; http_method; content:"/z/zz"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602053/; classtype:trojan-activity;sid:84465153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602032)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602032/; classtype:trojan-activity;sid:84465132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602033)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602033/; classtype:trojan-activity;sid:84465133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602034)"; flow:established,from_client; content:"GET"; http_method; content:"/z/k.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602034/; classtype:trojan-activity;sid:84465134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602035)"; flow:established,from_client; content:"GET"; http_method; content:"/z/li"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602035/; classtype:trojan-activity;sid:84465135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602036)"; flow:established,from_client; content:"GET"; http_method; content:"/z/get.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602036/; classtype:trojan-activity;sid:84465136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602037)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602037/; classtype:trojan-activity;sid:84465137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602040)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602040/; classtype:trojan-activity;sid:84465140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602041)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602041/; classtype:trojan-activity;sid:84465141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602042)"; flow:established,from_client; content:"GET"; http_method; content:"/z/weed"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602042/; classtype:trojan-activity;sid:84465142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602043)"; flow:established,from_client; content:"GET"; http_method; content:"/z/w.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602043/; classtype:trojan-activity;sid:84465143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602030)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602030/; classtype:trojan-activity;sid:84465130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602029)"; flow:established,from_client; content:"GET"; http_method; content:"/z/x86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602029/; classtype:trojan-activity;sid:84465129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602026)"; flow:established,from_client; content:"GET"; http_method; content:"/z/m68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602026/; classtype:trojan-activity;sid:84465126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602019)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602019/; classtype:trojan-activity;sid:84465119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602020)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602020/; classtype:trojan-activity;sid:84465120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602021)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602021/; classtype:trojan-activity;sid:84465121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602015)"; flow:established,from_client; content:"GET"; http_method; content:"/z/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602015/; classtype:trojan-activity;sid:84465115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602016)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602016/; classtype:trojan-activity;sid:84465116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602018)"; flow:established,from_client; content:"GET"; http_method; content:"/rtz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602018/; classtype:trojan-activity;sid:84465118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602010)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602010/; classtype:trojan-activity;sid:84465110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602012)"; flow:established,from_client; content:"GET"; http_method; content:"/z/spc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602012/; classtype:trojan-activity;sid:84465112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602014)"; flow:established,from_client; content:"GET"; http_method; content:"/z/debug.dbg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602014/; classtype:trojan-activity;sid:84465114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wp.grovespras.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601854/; classtype:trojan-activity;sid:84464954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.69.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601618/; classtype:trojan-activity;sid:84464718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.69.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601615/; classtype:trojan-activity;sid:84464715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.233.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601538/; classtype:trojan-activity;sid:84464638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601493/; classtype:trojan-activity;sid:84464593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601478/; classtype:trojan-activity;sid:84464578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.246.224.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601448/; classtype:trojan-activity;sid:84464548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.34.165.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601437/; classtype:trojan-activity;sid:84464537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.199.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601426/; classtype:trojan-activity;sid:84464526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601377)"; flow:established,from_client; content:"GET"; http_method; content:"/gue8austxqalf39.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601377/; classtype:trojan-activity;sid:84464477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601376)"; flow:established,from_client; content:"GET"; http_method; content:"/sonz984ijtf8dpr.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601376/; classtype:trojan-activity;sid:84464476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601375)"; flow:established,from_client; content:"GET"; http_method; content:"/a0bqmrtf7gnqstn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601375/; classtype:trojan-activity;sid:84464475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601212/; classtype:trojan-activity;sid:84464312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601009)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601009/; classtype:trojan-activity;sid:84464109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600977)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600977/; classtype:trojan-activity;sid:84464077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600965)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600965/; classtype:trojan-activity;sid:84464065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600961)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600961/; classtype:trojan-activity;sid:84464061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600958)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600958/; classtype:trojan-activity;sid:84464058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600960)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600960/; classtype:trojan-activity;sid:84464060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600937)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600937/; classtype:trojan-activity;sid:84464037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600939)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600939/; classtype:trojan-activity;sid:84464039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600931)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600931/; classtype:trojan-activity;sid:84464031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600932)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600932/; classtype:trojan-activity;sid:84464032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600933)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600933/; classtype:trojan-activity;sid:84464033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600934)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.72.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600934/; classtype:trojan-activity;sid:84464034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600911)"; flow:established,from_client; content:"GET"; http_method; content:"/av.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blaiz.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600911/; classtype:trojan-activity;sid:84464011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.217.16.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600845/; classtype:trojan-activity;sid:84463945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.142.217.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600836/; classtype:trojan-activity;sid:84463936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/timer.jquery.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"googletagamnager.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600786/; classtype:trojan-activity;sid:84463886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.227.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600419/; classtype:trojan-activity;sid:84463519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.91.3.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600259/; classtype:trojan-activity;sid:84463359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600164)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.90.153.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600164/; classtype:trojan-activity;sid:84463264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600163)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600163/; classtype:trojan-activity;sid:84463263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600162)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600162/; classtype:trojan-activity;sid:84463262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600127)"; flow:established,from_client; content:"GET"; http_method; content:"/s/ssa-236-5263-89.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jayexecutive.co.ke"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600127/; classtype:trojan-activity;sid:84463227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.227.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599968/; classtype:trojan-activity;sid:84463068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599861)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599861/; classtype:trojan-activity;sid:84462961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599862)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599862/; classtype:trojan-activity;sid:84462962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599860)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599860/; classtype:trojan-activity;sid:84462960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599852/; classtype:trojan-activity;sid:84462952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599853)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599853/; classtype:trojan-activity;sid:84462953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599854)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599854/; classtype:trojan-activity;sid:84462954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599855)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599855/; classtype:trojan-activity;sid:84462955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599856)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599856/; classtype:trojan-activity;sid:84462956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599857)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599857/; classtype:trojan-activity;sid:84462957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599858)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599858/; classtype:trojan-activity;sid:84462958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599859)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599859/; classtype:trojan-activity;sid:84462959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599850)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599850/; classtype:trojan-activity;sid:84462950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599851)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599851/; classtype:trojan-activity;sid:84462951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599849)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599849/; classtype:trojan-activity;sid:84462949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599839)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599839/; classtype:trojan-activity;sid:84462939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599840)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599840/; classtype:trojan-activity;sid:84462940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599841)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599841/; classtype:trojan-activity;sid:84462941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599842)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599842/; classtype:trojan-activity;sid:84462942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599843)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599843/; classtype:trojan-activity;sid:84462943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599844/; classtype:trojan-activity;sid:84462944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599845)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599845/; classtype:trojan-activity;sid:84462945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599846)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.169.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599846/; classtype:trojan-activity;sid:84462946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599847)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599847/; classtype:trojan-activity;sid:84462947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599848)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evoribusiness.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599848/; classtype:trojan-activity;sid:84462948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.239.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599838/; classtype:trojan-activity;sid:84462938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.94.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599812/; classtype:trojan-activity;sid:84462912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.200.131.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599814/; classtype:trojan-activity;sid:84462914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599658)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.bash"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599658/; classtype:trojan-activity;sid:84462758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599644)"; flow:established,from_client; content:"GET"; http_method; content:"/rev-shell.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599644/; classtype:trojan-activity;sid:84462744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599638)"; flow:established,from_client; content:"GET"; http_method; content:"/logr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599638/; classtype:trojan-activity;sid:84462738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599637)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599637/; classtype:trojan-activity;sid:84462737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599565)"; flow:established,from_client; content:"GET"; http_method; content:"/dxyylufh8jvgoyy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599565/; classtype:trojan-activity;sid:84462665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599563)"; flow:established,from_client; content:"GET"; http_method; content:"/bsbgcvdcsehvaj1.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599563/; classtype:trojan-activity;sid:84462663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599562)"; flow:established,from_client; content:"GET"; http_method; content:"/areaie0m5uqspuz.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599562/; classtype:trojan-activity;sid:84462662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599450)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.29.45.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599450/; classtype:trojan-activity;sid:84462550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599149)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599149/; classtype:trojan-activity;sid:84462249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599113)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.106.229.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599113/; classtype:trojan-activity;sid:84462213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.235.87.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599093/; classtype:trojan-activity;sid:84462193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.233.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598943/; classtype:trojan-activity;sid:84462043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.73.82.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598806/; classtype:trojan-activity;sid:84461906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.90.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598771/; classtype:trojan-activity;sid:84461871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.90.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598766/; classtype:trojan-activity;sid:84461866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598729)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atompsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598729/; classtype:trojan-activity;sid:84461829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598727)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atosh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598727/; classtype:trojan-activity;sid:84461827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598728)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atox64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598728/; classtype:trojan-activity;sid:84461828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598720)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598720/; classtype:trojan-activity;sid:84461820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598721)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598721/; classtype:trojan-activity;sid:84461821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598722)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atom68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598722/; classtype:trojan-activity;sid:84461822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598724)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598724/; classtype:trojan-activity;sid:84461824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598726)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atospc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598726/; classtype:trojan-activity;sid:84461826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598718)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598718/; classtype:trojan-activity;sid:84461818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598719)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atox86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.hebergement.ml-shop-fr.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598719/; classtype:trojan-activity;sid:84461819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598496)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598496/; classtype:trojan-activity;sid:84461596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598184)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598184/; classtype:trojan-activity;sid:84461284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598088)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598088/; classtype:trojan-activity;sid:84461188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598089)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598089/; classtype:trojan-activity;sid:84461189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598090)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598090/; classtype:trojan-activity;sid:84461190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598083)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598083/; classtype:trojan-activity;sid:84461183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598081)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598081/; classtype:trojan-activity;sid:84461181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598077)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598077/; classtype:trojan-activity;sid:84461177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598075)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598075/; classtype:trojan-activity;sid:84461175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598076)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598076/; classtype:trojan-activity;sid:84461176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598074)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598074/; classtype:trojan-activity;sid:84461174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598073)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"213.209.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598073/; classtype:trojan-activity;sid:84461173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598070)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/refs/heads/main/order-2025.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598070/; classtype:trojan-activity;sid:84461170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598069)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/po.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598069/; classtype:trojan-activity;sid:84461169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598067)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/1n5hpxtzivrpei5.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598067/; classtype:trojan-activity;sid:84461167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598066)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/order-2025.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598066/; classtype:trojan-activity;sid:84461166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598063)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/po_112.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598063/; classtype:trojan-activity;sid:84461163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598064)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/order-49575.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598064/; classtype:trojan-activity;sid:84461164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598065)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/raw/refs/heads/main/afqfc7p9rbi5wj0.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598065/; classtype:trojan-activity;sid:84461165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598060)"; flow:established,from_client; content:"GET"; http_method; content:"/jaybobo1/supplier/refs/heads/main/po_112.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598060/; classtype:trojan-activity;sid:84461160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598046)"; flow:established,from_client; content:"GET"; http_method; content:"/8001"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598046/; classtype:trojan-activity;sid:84461146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597805)"; flow:established,from_client; content:"GET"; http_method; content:"/upwslryosvr04ow.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597805/; classtype:trojan-activity;sid:84460905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597799)"; flow:established,from_client; content:"GET"; http_method; content:"/mmom6dik7db78fz.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597799/; classtype:trojan-activity;sid:84460899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597699)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/shellcode.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597699/; classtype:trojan-activity;sid:84460799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597698)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/cptch.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597698/; classtype:trojan-activity;sid:84460798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597689)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/stlc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597689/; classtype:trojan-activity;sid:84460789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597686)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdrivers.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597686/; classtype:trojan-activity;sid:84460786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597670)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.98.136.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597670/; classtype:trojan-activity;sid:84460770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597664/; classtype:trojan-activity;sid:84460764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597662/; classtype:trojan-activity;sid:84460762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597645/; classtype:trojan-activity;sid:84460745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597559)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_t0t1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597559/; classtype:trojan-activity;sid:84460659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597553)"; flow:established,from_client; content:"GET"; http_method; content:"/new1.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597553/; classtype:trojan-activity;sid:84460653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597558)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597558/; classtype:trojan-activity;sid:84460658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597549)"; flow:established,from_client; content:"GET"; http_method; content:"/quz1.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597549/; classtype:trojan-activity;sid:84460649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597548)"; flow:established,from_client; content:"GET"; http_method; content:"/quz11.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597548/; classtype:trojan-activity;sid:84460648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597547)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_abb1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597547/; classtype:trojan-activity;sid:84460647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597546)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_quz1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597546/; classtype:trojan-activity;sid:84460646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597544)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp1.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597544/; classtype:trojan-activity;sid:84460644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597543)"; flow:established,from_client; content:"GET"; http_method; content:"/abb1.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597543/; classtype:trojan-activity;sid:84460643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597542)"; flow:established,from_client; content:"GET"; http_method; content:"/zipped/map.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597542/; classtype:trojan-activity;sid:84460642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597541)"; flow:established,from_client; content:"GET"; http_method; content:"/abb11.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597541/; classtype:trojan-activity;sid:84460641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597540)"; flow:established,from_client; content:"GET"; http_method; content:"/zipped/stark.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597540/; classtype:trojan-activity;sid:84460640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597374)"; flow:established,from_client; content:"GET"; http_method; content:"/updserc.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"emprotel.net.bo"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597374/; classtype:trojan-activity;sid:84460474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.235.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597310/; classtype:trojan-activity;sid:84460410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.235.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597303/; classtype:trojan-activity;sid:84460403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597188)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/av.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597188/; classtype:trojan-activity;sid:84460288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597189)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597189/; classtype:trojan-activity;sid:84460289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597190)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597190/; classtype:trojan-activity;sid:84460290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597186)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.scr"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597186/; classtype:trojan-activity;sid:84460286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597187)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597187/; classtype:trojan-activity;sid:84460287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597185)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597185/; classtype:trojan-activity;sid:84460285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597183)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597183/; classtype:trojan-activity;sid:84460283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597184)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597184/; classtype:trojan-activity;sid:84460284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597181)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597181/; classtype:trojan-activity;sid:84460281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597182)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597182/; classtype:trojan-activity;sid:84460282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597179)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597179/; classtype:trojan-activity;sid:84460279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597180)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597180/; classtype:trojan-activity;sid:84460280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597173)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597173/; classtype:trojan-activity;sid:84460273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597174)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597174/; classtype:trojan-activity;sid:84460274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597175)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597175/; classtype:trojan-activity;sid:84460275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597176)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597176/; classtype:trojan-activity;sid:84460276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597177)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597177/; classtype:trojan-activity;sid:84460277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597170)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597170/; classtype:trojan-activity;sid:84460270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597172)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/photo.scr"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597172/; classtype:trojan-activity;sid:84460272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597168)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597168/; classtype:trojan-activity;sid:84460268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597169)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597169/; classtype:trojan-activity;sid:84460269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597162)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597162/; classtype:trojan-activity;sid:84460262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597163)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597163/; classtype:trojan-activity;sid:84460263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597164)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597164/; classtype:trojan-activity;sid:84460264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597165)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597165/; classtype:trojan-activity;sid:84460265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597166)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597166/; classtype:trojan-activity;sid:84460266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597167)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597167/; classtype:trojan-activity;sid:84460267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597032)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.103.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597032/; classtype:trojan-activity;sid:84460132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597011)"; flow:established,from_client; content:"GET"; http_method; content:"/header.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.103.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597011/; classtype:trojan-activity;sid:84460111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596996)"; flow:established,from_client; content:"GET"; http_method; content:"/logo.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.103.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596996/; classtype:trojan-activity;sid:84460096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596593)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.94.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596593/; classtype:trojan-activity;sid:84459693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596590)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.28.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596590/; classtype:trojan-activity;sid:84459690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596573/; classtype:trojan-activity;sid:84459673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596565)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.155.155.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596565/; classtype:trojan-activity;sid:84459665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.91.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596568/; classtype:trojan-activity;sid:84459668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596562/; classtype:trojan-activity;sid:84459662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596563/; classtype:trojan-activity;sid:84459663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596564/; classtype:trojan-activity;sid:84459664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.255.232.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596545/; classtype:trojan-activity;sid:84459645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596378)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596378/; classtype:trojan-activity;sid:84459478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596164)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/invoice.bat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.vastkupan.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596164/; classtype:trojan-activity;sid:84459264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596151)"; flow:established,from_client; content:"GET"; http_method; content:"/map.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596151/; classtype:trojan-activity;sid:84459251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596150)"; flow:established,from_client; content:"GET"; http_method; content:"/stark.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596150/; classtype:trojan-activity;sid:84459250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.144.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596145/; classtype:trojan-activity;sid:84459245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596143)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596143/; classtype:trojan-activity;sid:84459243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.34.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596137/; classtype:trojan-activity;sid:84459237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595978)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atomips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595978/; classtype:trojan-activity;sid:84459078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595979)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595979/; classtype:trojan-activity;sid:84459079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595980)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atox64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595980/; classtype:trojan-activity;sid:84459080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595981)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595981/; classtype:trojan-activity;sid:84459081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595982)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atom68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595982/; classtype:trojan-activity;sid:84459082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595983)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atosh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595983/; classtype:trojan-activity;sid:84459083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595986)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atospc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595986/; classtype:trojan-activity;sid:84459086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595987)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atompsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595987/; classtype:trojan-activity;sid:84459087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595988)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atox86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595988/; classtype:trojan-activity;sid:84459088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595989)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595989/; classtype:trojan-activity;sid:84459089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595990)"; flow:established,from_client; content:"GET"; http_method; content:"/godage3atoppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.150.218.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595990/; classtype:trojan-activity;sid:84459090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595950/; classtype:trojan-activity;sid:84459050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.231.23.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595852/; classtype:trojan-activity;sid:84458952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595848)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.190.147.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595848/; classtype:trojan-activity;sid:84458948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595371)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595371/; classtype:trojan-activity;sid:84458471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.255.232.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595313/; classtype:trojan-activity;sid:84458413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595245)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.218.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595245/; classtype:trojan-activity;sid:84458345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595240)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.30.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595240/; classtype:trojan-activity;sid:84458340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.50.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595238/; classtype:trojan-activity;sid:84458338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.181.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595236/; classtype:trojan-activity;sid:84458336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.31.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595225/; classtype:trojan-activity;sid:84458325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.161.244.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595229/; classtype:trojan-activity;sid:84458329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595215)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.247.205.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595215/; classtype:trojan-activity;sid:84458315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595194)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.41.159.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595194/; classtype:trojan-activity;sid:84458294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595179)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595179/; classtype:trojan-activity;sid:84458279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595180)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595180/; classtype:trojan-activity;sid:84458280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595181)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595181/; classtype:trojan-activity;sid:84458281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595182)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595182/; classtype:trojan-activity;sid:84458282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595183)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595183/; classtype:trojan-activity;sid:84458283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595184)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595184/; classtype:trojan-activity;sid:84458284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595175)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595175/; classtype:trojan-activity;sid:84458275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595176)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595176/; classtype:trojan-activity;sid:84458276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595177)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595177/; classtype:trojan-activity;sid:84458277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa/t1.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"isiore.com.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594790)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mag"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594790/; classtype:trojan-activity;sid:84457890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594788)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594788/; classtype:trojan-activity;sid:84457888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594789)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594789/; classtype:trojan-activity;sid:84457889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594785)"; flow:established,from_client; content:"GET"; http_method; content:"/z/zz"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594785/; classtype:trojan-activity;sid:84457885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594783)"; flow:established,from_client; content:"GET"; http_method; content:"/z/av.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594783/; classtype:trojan-activity;sid:84457883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594784)"; flow:established,from_client; content:"GET"; http_method; content:"/z/li"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594784/; classtype:trojan-activity;sid:84457884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594778)"; flow:established,from_client; content:"GET"; http_method; content:"/z/adb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594778/; classtype:trojan-activity;sid:84457878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594779)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594779/; classtype:trojan-activity;sid:84457879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594780)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594780/; classtype:trojan-activity;sid:84457880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594781)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594781/; classtype:trojan-activity;sid:84457881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594775)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594775/; classtype:trojan-activity;sid:84457875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594776)"; flow:established,from_client; content:"GET"; http_method; content:"/z/k.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594776/; classtype:trojan-activity;sid:84457876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594777)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ipc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594777/; classtype:trojan-activity;sid:84457877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594771)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594771/; classtype:trojan-activity;sid:84457871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594772)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594772/; classtype:trojan-activity;sid:84457872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594773)"; flow:established,from_client; content:"GET"; http_method; content:"/z/xaxa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594773/; classtype:trojan-activity;sid:84457873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594766)"; flow:established,from_client; content:"GET"; http_method; content:"/z/asd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594766/; classtype:trojan-activity;sid:84457866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594767)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594767/; classtype:trojan-activity;sid:84457867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594768)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594768/; classtype:trojan-activity;sid:84457868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594769)"; flow:established,from_client; content:"GET"; http_method; content:"/z/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594769/; classtype:trojan-activity;sid:84457869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594764)"; flow:established,from_client; content:"GET"; http_method; content:"/z/fb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594764/; classtype:trojan-activity;sid:84457864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594756)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594756/; classtype:trojan-activity;sid:84457856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594757)"; flow:established,from_client; content:"GET"; http_method; content:"/z/jaws"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594757/; classtype:trojan-activity;sid:84457857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594758)"; flow:established,from_client; content:"GET"; http_method; content:"/z/irz"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594758/; classtype:trojan-activity;sid:84457858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594759)"; flow:established,from_client; content:"GET"; http_method; content:"/z/aaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594759/; classtype:trojan-activity;sid:84457859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594760)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594760/; classtype:trojan-activity;sid:84457860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594761)"; flow:established,from_client; content:"GET"; http_method; content:"/z/linksys"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594761/; classtype:trojan-activity;sid:84457861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594762)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594762/; classtype:trojan-activity;sid:84457862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594754)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594754/; classtype:trojan-activity;sid:84457854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594755)"; flow:established,from_client; content:"GET"; http_method; content:"/z/weed"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594755/; classtype:trojan-activity;sid:84457855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594753)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594753/; classtype:trojan-activity;sid:84457853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594746)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594746/; classtype:trojan-activity;sid:84457846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594747)"; flow:established,from_client; content:"GET"; http_method; content:"/z/vc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594747/; classtype:trojan-activity;sid:84457847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594748)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594748/; classtype:trojan-activity;sid:84457848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594749)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594749/; classtype:trojan-activity;sid:84457849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594751)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594751/; classtype:trojan-activity;sid:84457851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594752)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594752/; classtype:trojan-activity;sid:84457852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594744)"; flow:established,from_client; content:"GET"; http_method; content:"/z/toto"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594744/; classtype:trojan-activity;sid:84457844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594745)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594745/; classtype:trojan-activity;sid:84457845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594740)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594740/; classtype:trojan-activity;sid:84457840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594741)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594741/; classtype:trojan-activity;sid:84457841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594742)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594742/; classtype:trojan-activity;sid:84457842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594734)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594734/; classtype:trojan-activity;sid:84457834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594735)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594735/; classtype:trojan-activity;sid:84457835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594736)"; flow:established,from_client; content:"GET"; http_method; content:"/z/lll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594736/; classtype:trojan-activity;sid:84457836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594737)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ruck"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594737/; classtype:trojan-activity;sid:84457837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594738)"; flow:established,from_client; content:"GET"; http_method; content:"/z/fdgsfg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594738/; classtype:trojan-activity;sid:84457838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594733)"; flow:established,from_client; content:"GET"; http_method; content:"/z/w.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594733/; classtype:trojan-activity;sid:84457833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594731)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594731/; classtype:trojan-activity;sid:84457831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594732)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594732/; classtype:trojan-activity;sid:84457832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594728)"; flow:established,from_client; content:"GET"; http_method; content:"/z/gocl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594728/; classtype:trojan-activity;sid:84457828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594729)"; flow:established,from_client; content:"GET"; http_method; content:"/z/test.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594729/; classtype:trojan-activity;sid:84457829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594730)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594730/; classtype:trojan-activity;sid:84457830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594725)"; flow:established,from_client; content:"GET"; http_method; content:"/z/sdt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594725/; classtype:trojan-activity;sid:84457825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594726)"; flow:established,from_client; content:"GET"; http_method; content:"/z/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594726/; classtype:trojan-activity;sid:84457826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594727)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594727/; classtype:trojan-activity;sid:84457827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594677)"; flow:established,from_client; content:"GET"; http_method; content:"/rtz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594677/; classtype:trojan-activity;sid:84457777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594674)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594674/; classtype:trojan-activity;sid:84457774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594666)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594666/; classtype:trojan-activity;sid:84457766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594663)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594663/; classtype:trojan-activity;sid:84457763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594664)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594664/; classtype:trojan-activity;sid:84457764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594665)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594665/; classtype:trojan-activity;sid:84457765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594660)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594660/; classtype:trojan-activity;sid:84457760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594661)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594661/; classtype:trojan-activity;sid:84457761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594662)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.69.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594662/; classtype:trojan-activity;sid:84457762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.25.107.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594538/; classtype:trojan-activity;sid:84457638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594359)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/auths0//booking13763.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"fnvimoyvwkbxbmczlqus.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594359/; classtype:trojan-activity;sid:84457459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594190)"; flow:established,from_client; content:"GET"; http_method; content:"/cisco-anyconnect-win-4.11-predeploy-k9.msi"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ww-poet-cohen-guided.trycloudflare.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594190/; classtype:trojan-activity;sid:84457290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593780)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.75.214.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593780/; classtype:trojan-activity;sid:84456880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593771/; classtype:trojan-activity;sid:84456871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593674)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593674/; classtype:trojan-activity;sid:84456774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593673)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593673/; classtype:trojan-activity;sid:84456773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593510)"; flow:established,from_client; content:"GET"; http_method; content:"/67427p18klaktkbljgedwkltw9.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593510/; classtype:trojan-activity;sid:84456610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593488)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593488/; classtype:trojan-activity;sid:84456588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593487)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593487/; classtype:trojan-activity;sid:84456587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593486)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593486/; classtype:trojan-activity;sid:84456586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593476)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/new%20po%20102456688.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.vastkupan.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593476/; classtype:trojan-activity;sid:84456576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593287)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.165.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593287/; classtype:trojan-activity;sid:84456387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.142.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593265/; classtype:trojan-activity;sid:84456365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.22.255.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593252/; classtype:trojan-activity;sid:84456352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.247.205.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593254/; classtype:trojan-activity;sid:84456354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.14.235.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592753/; classtype:trojan-activity;sid:84455853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592489)"; flow:established,from_client; content:"GET"; http_method; content:"/dll.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.90.153.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592489/; classtype:trojan-activity;sid:84455589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592488)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.90.153.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592488/; classtype:trojan-activity;sid:84455588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592294)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592294/; classtype:trojan-activity;sid:84455394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592287)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592287/; classtype:trojan-activity;sid:84455387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592242)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592242/; classtype:trojan-activity;sid:84455342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592241)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592241/; classtype:trojan-activity;sid:84455341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592240)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592240/; classtype:trojan-activity;sid:84455340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592235)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592235/; classtype:trojan-activity;sid:84455335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592236)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592236/; classtype:trojan-activity;sid:84455336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592238)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592238/; classtype:trojan-activity;sid:84455338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592239)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592239/; classtype:trojan-activity;sid:84455339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592234)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592234/; classtype:trojan-activity;sid:84455334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592217)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592217/; classtype:trojan-activity;sid:84455317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592218)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592218/; classtype:trojan-activity;sid:84455318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592219)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592219/; classtype:trojan-activity;sid:84455319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592220)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592220/; classtype:trojan-activity;sid:84455320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592221)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592221/; classtype:trojan-activity;sid:84455321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592222)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592222/; classtype:trojan-activity;sid:84455322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592223)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592223/; classtype:trojan-activity;sid:84455323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592224)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592224/; classtype:trojan-activity;sid:84455324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592225)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592225/; classtype:trojan-activity;sid:84455325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592226)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592226/; classtype:trojan-activity;sid:84455326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592227)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592227/; classtype:trojan-activity;sid:84455327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592228)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592228/; classtype:trojan-activity;sid:84455328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592230)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592230/; classtype:trojan-activity;sid:84455330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592231)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592231/; classtype:trojan-activity;sid:84455331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592232)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592232/; classtype:trojan-activity;sid:84455332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592233)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592233/; classtype:trojan-activity;sid:84455333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592201)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592201/; classtype:trojan-activity;sid:84455301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592202)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592202/; classtype:trojan-activity;sid:84455302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592203)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592203/; classtype:trojan-activity;sid:84455303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592204)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592204/; classtype:trojan-activity;sid:84455304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592205)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592205/; classtype:trojan-activity;sid:84455305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592206)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592206/; classtype:trojan-activity;sid:84455306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592207)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592207/; classtype:trojan-activity;sid:84455307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592208)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592208/; classtype:trojan-activity;sid:84455308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592209)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592209/; classtype:trojan-activity;sid:84455309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592210)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592210/; classtype:trojan-activity;sid:84455310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592211)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592211/; classtype:trojan-activity;sid:84455311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592212)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592212/; classtype:trojan-activity;sid:84455312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592213)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592213/; classtype:trojan-activity;sid:84455313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592214)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592214/; classtype:trojan-activity;sid:84455314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592215)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592215/; classtype:trojan-activity;sid:84455315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592216)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592216/; classtype:trojan-activity;sid:84455316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592199)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592199/; classtype:trojan-activity;sid:84455299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592200)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592200/; classtype:trojan-activity;sid:84455300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592198)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592198/; classtype:trojan-activity;sid:84455298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592197)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592197/; classtype:trojan-activity;sid:84455297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592195)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592195/; classtype:trojan-activity;sid:84455295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592196)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592196/; classtype:trojan-activity;sid:84455296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592183)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592183/; classtype:trojan-activity;sid:84455283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592184)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592184/; classtype:trojan-activity;sid:84455284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592185)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592185/; classtype:trojan-activity;sid:84455285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592186)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592186/; classtype:trojan-activity;sid:84455286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592187)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592187/; classtype:trojan-activity;sid:84455287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592188)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592188/; classtype:trojan-activity;sid:84455288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592189)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592189/; classtype:trojan-activity;sid:84455289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592190)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592190/; classtype:trojan-activity;sid:84455290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592191)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592191/; classtype:trojan-activity;sid:84455291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592192)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592192/; classtype:trojan-activity;sid:84455292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592193)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592193/; classtype:trojan-activity;sid:84455293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592194)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592194/; classtype:trojan-activity;sid:84455294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592160)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592160/; classtype:trojan-activity;sid:84455260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592161)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592161/; classtype:trojan-activity;sid:84455261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592162)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592162/; classtype:trojan-activity;sid:84455262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592163)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592163/; classtype:trojan-activity;sid:84455263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592164)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592164/; classtype:trojan-activity;sid:84455264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592166)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592166/; classtype:trojan-activity;sid:84455266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592167)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592167/; classtype:trojan-activity;sid:84455267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592168)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592168/; classtype:trojan-activity;sid:84455268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592169)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592169/; classtype:trojan-activity;sid:84455269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592170)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592170/; classtype:trojan-activity;sid:84455270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592171)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592171/; classtype:trojan-activity;sid:84455271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592172)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592172/; classtype:trojan-activity;sid:84455272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592173)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592173/; classtype:trojan-activity;sid:84455273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592174)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592174/; classtype:trojan-activity;sid:84455274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592175)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592175/; classtype:trojan-activity;sid:84455275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592176)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592176/; classtype:trojan-activity;sid:84455276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592177)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592177/; classtype:trojan-activity;sid:84455277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592178)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592178/; classtype:trojan-activity;sid:84455278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592179)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592179/; classtype:trojan-activity;sid:84455279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592180)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592180/; classtype:trojan-activity;sid:84455280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592181)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592181/; classtype:trojan-activity;sid:84455281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592182)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592182/; classtype:trojan-activity;sid:84455282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592159)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592159/; classtype:trojan-activity;sid:84455259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592158)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592158/; classtype:trojan-activity;sid:84455258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592151)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592151/; classtype:trojan-activity;sid:84455251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592152)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592152/; classtype:trojan-activity;sid:84455252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592153)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592153/; classtype:trojan-activity;sid:84455253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592154)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592154/; classtype:trojan-activity;sid:84455254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592155)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592155/; classtype:trojan-activity;sid:84455255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592156)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592156/; classtype:trojan-activity;sid:84455256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592157)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592157/; classtype:trojan-activity;sid:84455257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592150)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592150/; classtype:trojan-activity;sid:84455250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592147)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592147/; classtype:trojan-activity;sid:84455247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592148)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592148/; classtype:trojan-activity;sid:84455248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592143)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592143/; classtype:trojan-activity;sid:84455243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592144)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592144/; classtype:trojan-activity;sid:84455244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592145)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592145/; classtype:trojan-activity;sid:84455245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592140)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592140/; classtype:trojan-activity;sid:84455240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592141)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592141/; classtype:trojan-activity;sid:84455241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592142)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592142/; classtype:trojan-activity;sid:84455242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592132)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592132/; classtype:trojan-activity;sid:84455232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592133)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592133/; classtype:trojan-activity;sid:84455233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592134)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592134/; classtype:trojan-activity;sid:84455234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592136)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592136/; classtype:trojan-activity;sid:84455236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592138)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.fasdv.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592138/; classtype:trojan-activity;sid:84455238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592139)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592139/; classtype:trojan-activity;sid:84455239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592125)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592125/; classtype:trojan-activity;sid:84455225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592126)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592126/; classtype:trojan-activity;sid:84455226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592128)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592128/; classtype:trojan-activity;sid:84455228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592129)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592129/; classtype:trojan-activity;sid:84455229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592130)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.asdfavae.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592130/; classtype:trojan-activity;sid:84455230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592131)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592131/; classtype:trojan-activity;sid:84455231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592122)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592122/; classtype:trojan-activity;sid:84455222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592123)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592123/; classtype:trojan-activity;sid:84455223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592124)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592124/; classtype:trojan-activity;sid:84455224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592119)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592119/; classtype:trojan-activity;sid:84455219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592120)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592120/; classtype:trojan-activity;sid:84455220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592121)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592121/; classtype:trojan-activity;sid:84455221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592111)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592111/; classtype:trojan-activity;sid:84455211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592112)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592112/; classtype:trojan-activity;sid:84455212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592113)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592113/; classtype:trojan-activity;sid:84455213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592114)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592114/; classtype:trojan-activity;sid:84455214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592115)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592115/; classtype:trojan-activity;sid:84455215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592117)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fasdv.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592117/; classtype:trojan-activity;sid:84455217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592118)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592118/; classtype:trojan-activity;sid:84455218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592105)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592105/; classtype:trojan-activity;sid:84455205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592106)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592106/; classtype:trojan-activity;sid:84455206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592107)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592107/; classtype:trojan-activity;sid:84455207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592108)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592108/; classtype:trojan-activity;sid:84455208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592109)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592109/; classtype:trojan-activity;sid:84455209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592110)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.vmklsfdv.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592110/; classtype:trojan-activity;sid:84455210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592104)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vmklsfdv.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592104/; classtype:trojan-activity;sid:84455204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592103)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592103/; classtype:trojan-activity;sid:84455203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592099)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592099/; classtype:trojan-activity;sid:84455199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592100)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592100/; classtype:trojan-activity;sid:84455200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592101)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cvawrs.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592101/; classtype:trojan-activity;sid:84455201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592102)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592102/; classtype:trojan-activity;sid:84455202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592098)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592098/; classtype:trojan-activity;sid:84455198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592096)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592096/; classtype:trojan-activity;sid:84455196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592091)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592091/; classtype:trojan-activity;sid:84455191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592092)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592092/; classtype:trojan-activity;sid:84455192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592093)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592093/; classtype:trojan-activity;sid:84455193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592094)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592094/; classtype:trojan-activity;sid:84455194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592095)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592095/; classtype:trojan-activity;sid:84455195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592087)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592087/; classtype:trojan-activity;sid:84455187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592088)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"savaswsd.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592088/; classtype:trojan-activity;sid:84455188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592089)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.savaswsd.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592089/; classtype:trojan-activity;sid:84455189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592090)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"asdfavae.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592090/; classtype:trojan-activity;sid:84455190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592085)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592085/; classtype:trojan-activity;sid:84455185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592086)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.cvawrs.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592086/; classtype:trojan-activity;sid:84455186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591804)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591804/; classtype:trojan-activity;sid:84454904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591800)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591800/; classtype:trojan-activity;sid:84454900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591802)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591802/; classtype:trojan-activity;sid:84454902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591799)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591799/; classtype:trojan-activity;sid:84454899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591797)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591797/; classtype:trojan-activity;sid:84454897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591794)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591794/; classtype:trojan-activity;sid:84454894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591795)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591795/; classtype:trojan-activity;sid:84454895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591792)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591792/; classtype:trojan-activity;sid:84454892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591041)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591041/; classtype:trojan-activity;sid:84454141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591042/; classtype:trojan-activity;sid:84454142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591043)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591043/; classtype:trojan-activity;sid:84454143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591044)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591044/; classtype:trojan-activity;sid:84454144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591045)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591045/; classtype:trojan-activity;sid:84454145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591040)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.176.20.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591040/; classtype:trojan-activity;sid:84454140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590955/; classtype:trojan-activity;sid:84454055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590954/; classtype:trojan-activity;sid:84454054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590952/; classtype:trojan-activity;sid:84454052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590950/; classtype:trojan-activity;sid:84454050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590951/; classtype:trojan-activity;sid:84454051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590947/; classtype:trojan-activity;sid:84454047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590948/; classtype:trojan-activity;sid:84454048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590939)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590939/; classtype:trojan-activity;sid:84454039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590940/; classtype:trojan-activity;sid:84454040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590937/; classtype:trojan-activity;sid:84454037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590938/; classtype:trojan-activity;sid:84454038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590930/; classtype:trojan-activity;sid:84454030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590931/; classtype:trojan-activity;sid:84454031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590932/; classtype:trojan-activity;sid:84454032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590933/; classtype:trojan-activity;sid:84454033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cnnetwork.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590934/; classtype:trojan-activity;sid:84454034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590875/; classtype:trojan-activity;sid:84453975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590852)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590852/; classtype:trojan-activity;sid:84453952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590396)"; flow:established,from_client; content:"GET"; http_method; content:"/gitok.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.208.84.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590396/; classtype:trojan-activity;sid:84453496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590393)"; flow:established,from_client; content:"GET"; http_method; content:"/563vju7p18klaljgedwktkbkltw1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590393/; classtype:trojan-activity;sid:84453493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590392)"; flow:established,from_client; content:"GET"; http_method; content:"/3434pvju7p18klaljgedwktkbkltw1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590392/; classtype:trojan-activity;sid:84453492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590388)"; flow:established,from_client; content:"GET"; http_method; content:"/92eqvju7p18klaljgedwktkbkltw.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590388/; classtype:trojan-activity;sid:84453488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590346/; classtype:trojan-activity;sid:84453446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590342)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590342/; classtype:trojan-activity;sid:84453442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590323)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590323/; classtype:trojan-activity;sid:84453423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590322/; classtype:trojan-activity;sid:84453422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590111)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590111/; classtype:trojan-activity;sid:84453211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590104)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590104/; classtype:trojan-activity;sid:84453204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590105)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590105/; classtype:trojan-activity;sid:84453205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590102/; classtype:trojan-activity;sid:84453202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590103)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590103/; classtype:trojan-activity;sid:84453203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589469)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589469/; classtype:trojan-activity;sid:84452569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589421)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589421/; classtype:trojan-activity;sid:84452521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589422)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589422/; classtype:trojan-activity;sid:84452522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589423)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589423/; classtype:trojan-activity;sid:84452523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589424)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589424/; classtype:trojan-activity;sid:84452524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589425)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589425/; classtype:trojan-activity;sid:84452525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589426)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589426/; classtype:trojan-activity;sid:84452526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589427)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589427/; classtype:trojan-activity;sid:84452527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589410)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589410/; classtype:trojan-activity;sid:84452510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589411)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589411/; classtype:trojan-activity;sid:84452511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589412)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589412/; classtype:trojan-activity;sid:84452512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589414)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589414/; classtype:trojan-activity;sid:84452514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589415)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589415/; classtype:trojan-activity;sid:84452515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589416)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589416/; classtype:trojan-activity;sid:84452516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589417)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589417/; classtype:trojan-activity;sid:84452517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589418)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589418/; classtype:trojan-activity;sid:84452518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589419)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.246.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589419/; classtype:trojan-activity;sid:84452519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589379)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.34.66.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589379/; classtype:trojan-activity;sid:84452479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589348)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.14.235.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589348/; classtype:trojan-activity;sid:84452448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.29.135.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589317/; classtype:trojan-activity;sid:84452417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.108.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589324/; classtype:trojan-activity;sid:84452424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.245.7.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589327/; classtype:trojan-activity;sid:84452427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.13.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589311/; classtype:trojan-activity;sid:84452411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.162.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589310/; classtype:trojan-activity;sid:84452410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.192.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589309/; classtype:trojan-activity;sid:84452409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589100)"; flow:established,from_client; content:"GET"; http_method; content:"/f7ehhfaddsk/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"85.208.84.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3589100/; classtype:trojan-activity;sid:84452200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589032)"; flow:established,from_client; content:"GET"; http_method; content:"/infect.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.141.87.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3589032/; classtype:trojan-activity;sid:84452132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588880)"; flow:established,from_client; content:"GET"; http_method; content:"/f4112442-c6fd-4d1f-99b7-ec0005ba3e4f/mqhwlv.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588880/; classtype:trojan-activity;sid:84451980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588884)"; flow:established,from_client; content:"GET"; http_method; content:"/c4aa6390-ef31-4b3e-a191-67c1a5d20d7b/j5s1uy.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588884/; classtype:trojan-activity;sid:84451984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588192)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le0w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588192/; classtype:trojan-activity;sid:84451292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588194)"; flow:established,from_client; content:"GET"; http_method; content:"/x/adb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588194/; classtype:trojan-activity;sid:84451294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588195)"; flow:established,from_client; content:"GET"; http_method; content:"/x/asus"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588195/; classtype:trojan-activity;sid:84451295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588196)"; flow:established,from_client; content:"GET"; http_method; content:"/x/e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588196/; classtype:trojan-activity;sid:84451296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588197)"; flow:established,from_client; content:"GET"; http_method; content:"/x/vni"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588197/; classtype:trojan-activity;sid:84451297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588198)"; flow:established,from_client; content:"GET"; http_method; content:"/x/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588198/; classtype:trojan-activity;sid:84451298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588199)"; flow:established,from_client; content:"GET"; http_method; content:"/x/faraday"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588199/; classtype:trojan-activity;sid:84451299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588200)"; flow:established,from_client; content:"GET"; http_method; content:"/x/raisecom"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588200/; classtype:trojan-activity;sid:84451300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588201)"; flow:established,from_client; content:"GET"; http_method; content:"/x/c"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588201/; classtype:trojan-activity;sid:84451301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588202)"; flow:established,from_client; content:"GET"; http_method; content:"/x/newsletter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588202/; classtype:trojan-activity;sid:84451302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588191)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a4le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588191/; classtype:trojan-activity;sid:84451291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588188)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle0w"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588188/; classtype:trojan-activity;sid:84451288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588189)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588189/; classtype:trojan-activity;sid:84451289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588190)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a4le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588190/; classtype:trojan-activity;sid:84451290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588187)"; flow:established,from_client; content:"GET"; http_method; content:"/j/ppc1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588187/; classtype:trojan-activity;sid:84451287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588171)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588171/; classtype:trojan-activity;sid:84451271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.173.138.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588081/; classtype:trojan-activity;sid:84451181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.164.253.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588082/; classtype:trojan-activity;sid:84451182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.28.227.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588071/; classtype:trojan-activity;sid:84451171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.141.135.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588061/; classtype:trojan-activity;sid:84451161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.13.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588009/; classtype:trojan-activity;sid:84451109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587961)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.239.253.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587961/; classtype:trojan-activity;sid:84451061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587866)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587866/; classtype:trojan-activity;sid:84450966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587860)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587860/; classtype:trojan-activity;sid:84450960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587861)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587861/; classtype:trojan-activity;sid:84450961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587862)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587862/; classtype:trojan-activity;sid:84450962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587863)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587863/; classtype:trojan-activity;sid:84450963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587864)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587864/; classtype:trojan-activity;sid:84450964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587852)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587852/; classtype:trojan-activity;sid:84450952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587853)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587853/; classtype:trojan-activity;sid:84450953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587854)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587854/; classtype:trojan-activity;sid:84450954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587855)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587855/; classtype:trojan-activity;sid:84450955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587856/; classtype:trojan-activity;sid:84450956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587857)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587857/; classtype:trojan-activity;sid:84450957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587858)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587858/; classtype:trojan-activity;sid:84450958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587859)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587859/; classtype:trojan-activity;sid:84450959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587799)"; flow:established,from_client; content:"GET"; http_method; content:"/px86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587799/; classtype:trojan-activity;sid:84450899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587800)"; flow:established,from_client; content:"GET"; http_method; content:"/parm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587800/; classtype:trojan-activity;sid:84450900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587801)"; flow:established,from_client; content:"GET"; http_method; content:"/pm68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587801/; classtype:trojan-activity;sid:84450901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587791)"; flow:established,from_client; content:"GET"; http_method; content:"/pspc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587791/; classtype:trojan-activity;sid:84450891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587792)"; flow:established,from_client; content:"GET"; http_method; content:"/psh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587792/; classtype:trojan-activity;sid:84450892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587780)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587780/; classtype:trojan-activity;sid:84450880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587771)"; flow:established,from_client; content:"GET"; http_method; content:"/parm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587771/; classtype:trojan-activity;sid:84450871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587768)"; flow:established,from_client; content:"GET"; http_method; content:"/pppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587768/; classtype:trojan-activity;sid:84450868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587769)"; flow:established,from_client; content:"GET"; http_method; content:"/parm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587769/; classtype:trojan-activity;sid:84450869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587766)"; flow:established,from_client; content:"GET"; http_method; content:"/parm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587766/; classtype:trojan-activity;sid:84450866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587633/; classtype:trojan-activity;sid:84450733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587629/; classtype:trojan-activity;sid:84450729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587224)"; flow:established,from_client; content:"GET"; http_method; content:"/pmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587224/; classtype:trojan-activity;sid:84450324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587211)"; flow:established,from_client; content:"GET"; http_method; content:"/pmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587211/; classtype:trojan-activity;sid:84450311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yarn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587177/; classtype:trojan-activity;sid:84450277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586922/; classtype:trojan-activity;sid:84450022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pay"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586923/; classtype:trojan-activity;sid:84450023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586703/; classtype:trojan-activity;sid:84449803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586705/; classtype:trojan-activity;sid:84449805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586684/; classtype:trojan-activity;sid:84449784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586685/; classtype:trojan-activity;sid:84449785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586686/; classtype:trojan-activity;sid:84449786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586688/; classtype:trojan-activity;sid:84449788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586692/; classtype:trojan-activity;sid:84449792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586693/; classtype:trojan-activity;sid:84449793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586694/; classtype:trojan-activity;sid:84449794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586695/; classtype:trojan-activity;sid:84449795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586696/; classtype:trojan-activity;sid:84449796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586697/; classtype:trojan-activity;sid:84449797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586698/; classtype:trojan-activity;sid:84449798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586699)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586699/; classtype:trojan-activity;sid:84449799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vipcncnetwork.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586701/; classtype:trojan-activity;sid:84449801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586631/; classtype:trojan-activity;sid:84449731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.220.163.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586622/; classtype:trojan-activity;sid:84449722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586430)"; flow:established,from_client; content:"GET"; http_method; content:"/bjnklkeqvjumalnym.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586430/; classtype:trojan-activity;sid:84449530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586192)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.116.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586192/; classtype:trojan-activity;sid:84449292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586153/; classtype:trojan-activity;sid:84449253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586154/; classtype:trojan-activity;sid:84449254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.4.141.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586160/; classtype:trojan-activity;sid:84449260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.186.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.222.103.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586172/; classtype:trojan-activity;sid:84449272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.52.211.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586148/; classtype:trojan-activity;sid:84449248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.192.203.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586152/; classtype:trojan-activity;sid:84449252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586138/; classtype:trojan-activity;sid:84449238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586143)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586143/; classtype:trojan-activity;sid:84449243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.117.7.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586122/; classtype:trojan-activity;sid:84449222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"216.164.87.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586099/; classtype:trojan-activity;sid:84449199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585947)"; flow:established,from_client; content:"GET"; http_method; content:"/kjcy9kgh/02vcj.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_19; reference:url, urlhaus.abuse.ch/url/3585947/; classtype:trojan-activity;sid:84449047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585163/; classtype:trojan-activity;sid:84448263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.164.59.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585168/; classtype:trojan-activity;sid:84448268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.236.116.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585169/; classtype:trojan-activity;sid:84448269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.50.136.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585170/; classtype:trojan-activity;sid:84448270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585162/; classtype:trojan-activity;sid:84448262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585159/; classtype:trojan-activity;sid:84448259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585158/; classtype:trojan-activity;sid:84448258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585148)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.122.246.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585148/; classtype:trojan-activity;sid:84448248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.75.67.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585135/; classtype:trojan-activity;sid:84448235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cummersmg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.2.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584739/; classtype:trojan-activity;sid:84447839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584603)"; flow:established,from_client; content:"GET"; http_method; content:"/vivo/concluir-atualizacao.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cerni-mix-01174839212-snort-20.resourcemaster.net"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584603/; classtype:trojan-activity;sid:84447703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584601)"; flow:established,from_client; content:"GET"; http_method; content:"/nota/concluir-atualizacao.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cerni-mix-01174839212-snort-20.resourcemaster.net"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584601/; classtype:trojan-activity;sid:84447701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584309)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.54.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584309/; classtype:trojan-activity;sid:84447409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584281)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584281/; classtype:trojan-activity;sid:84447381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584277)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584277/; classtype:trojan-activity;sid:84447377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.103.57.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584272/; classtype:trojan-activity;sid:84447372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584256)"; flow:established,from_client; content:"GET"; http_method; content:"/567swjnklk1vumalnyll.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584256/; classtype:trojan-activity;sid:84447356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584254)"; flow:established,from_client; content:"GET"; http_method; content:"/1nklk1vpbjjueqlnywd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584254/; classtype:trojan-activity;sid:84447354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584253)"; flow:established,from_client; content:"GET"; http_method; content:"/53pbjnklk1vumalnyll.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584253/; classtype:trojan-activity;sid:84447353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584250)"; flow:established,from_client; content:"GET"; http_method; content:"/23bjnklk1vjualnylppp.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584250/; classtype:trojan-activity;sid:84447350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584204)"; flow:established,from_client; content:"GET"; http_method; content:"/cln"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584204/; classtype:trojan-activity;sid:84447304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584203)"; flow:established,from_client; content:"GET"; http_method; content:"/run-ss.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584203/; classtype:trojan-activity;sid:84447303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584202)"; flow:established,from_client; content:"GET"; http_method; content:"/cores.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584202/; classtype:trojan-activity;sid:84447302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584180)"; flow:established,from_client; content:"GET"; http_method; content:"/sleep.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584180/; classtype:trojan-activity;sid:84447280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584181)"; flow:established,from_client; content:"GET"; http_method; content:"/tnn.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584181/; classtype:trojan-activity;sid:84447281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584183)"; flow:established,from_client; content:"GET"; http_method; content:"/cln.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584183/; classtype:trojan-activity;sid:84447283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584184)"; flow:established,from_client; content:"GET"; http_method; content:"/cpu_check.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584184/; classtype:trojan-activity;sid:84447284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584188)"; flow:established,from_client; content:"GET"; http_method; content:"/test22.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584188/; classtype:trojan-activity;sid:84447288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584190)"; flow:established,from_client; content:"GET"; http_method; content:"/run-ss1.bash"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584190/; classtype:trojan-activity;sid:84447290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584191)"; flow:established,from_client; content:"GET"; http_method; content:"/config_background.json"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584191/; classtype:trojan-activity;sid:84447291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584192)"; flow:established,from_client; content:"GET"; http_method; content:"/kfk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584192/; classtype:trojan-activity;sid:84447292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584194)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584194/; classtype:trojan-activity;sid:84447294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584195)"; flow:established,from_client; content:"GET"; http_method; content:"/port-check.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584195/; classtype:trojan-activity;sid:84447295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584196)"; flow:established,from_client; content:"GET"; http_method; content:"/chk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584196/; classtype:trojan-activity;sid:84447296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584197)"; flow:established,from_client; content:"GET"; http_method; content:"/svhostd.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584197/; classtype:trojan-activity;sid:84447297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584198)"; flow:established,from_client; content:"GET"; http_method; content:"/cpuuuu.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584198/; classtype:trojan-activity;sid:84447298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584199)"; flow:established,from_client; content:"GET"; http_method; content:"/run-cn.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584199/; classtype:trojan-activity;sid:84447299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584174)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|filepath=/var/www/html/outport/proc|7c|26|7c|filename=proc."; http_uri; depth:76; isdataat:!1,relative; nocase; content:"ndirection.kr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584174/; classtype:trojan-activity;sid:84447274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584173)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584173/; classtype:trojan-activity;sid:84447273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vpn.silk-gen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583536/; classtype:trojan-activity;sid:84446636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583285)"; flow:established,from_client; content:"GET"; http_method; content:"/wplus.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hollywoodcafeonmain.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583285/; classtype:trojan-activity;sid:84446385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583284/; classtype:trojan-activity;sid:84446384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583276/; classtype:trojan-activity;sid:84446376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583039)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583039/; classtype:trojan-activity;sid:84446139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583027)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583027/; classtype:trojan-activity;sid:84446127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583028)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583028/; classtype:trojan-activity;sid:84446128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583029)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583029/; classtype:trojan-activity;sid:84446129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583030)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583030/; classtype:trojan-activity;sid:84446130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583031)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583031/; classtype:trojan-activity;sid:84446131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583032)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583032/; classtype:trojan-activity;sid:84446132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583033)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583033/; classtype:trojan-activity;sid:84446133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583034)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583034/; classtype:trojan-activity;sid:84446134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583035)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583035/; classtype:trojan-activity;sid:84446135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583036)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583036/; classtype:trojan-activity;sid:84446136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583037)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583037/; classtype:trojan-activity;sid:84446137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583038)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583038/; classtype:trojan-activity;sid:84446138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582620/; classtype:trojan-activity;sid:84445720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582363)"; flow:established,from_client; content:"GET"; http_method; content:"/rated1337-group/rated1337-project/-/raw/main/000.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582363/; classtype:trojan-activity;sid:84445463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582266)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.132.131.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582266/; classtype:trojan-activity;sid:84445366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582265)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.45.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582265/; classtype:trojan-activity;sid:84445365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582136)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582136/; classtype:trojan-activity;sid:84445236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582132)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582132/; classtype:trojan-activity;sid:84445232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582134)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582134/; classtype:trojan-activity;sid:84445234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582125)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582125/; classtype:trojan-activity;sid:84445225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582127)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a7le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582127/; classtype:trojan-activity;sid:84445227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582128)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582128/; classtype:trojan-activity;sid:84445228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582131)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xale1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582131/; classtype:trojan-activity;sid:84445231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582069)"; flow:established,from_client; content:"GET"; http_method; content:"/red.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582069/; classtype:trojan-activity;sid:84445169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582066)"; flow:established,from_client; content:"GET"; http_method; content:"/green.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582066/; classtype:trojan-activity;sid:84445166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582052)"; flow:established,from_client; content:"GET"; http_method; content:"/d/venturashiprepair.com.sg/!kbspg/w0yxpmn78q1v"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sgsmtp12.sgcloudhosting.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582052/; classtype:trojan-activity;sid:84445152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582053)"; flow:established,from_client; content:"GET"; http_method; content:"/d/venturashiprepair.com.sg/!kbspg/x8pj861y9q1v"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sgsmtp12.sgcloudhosting.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582053/; classtype:trojan-activity;sid:84445153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582042)"; flow:established,from_client; content:"GET"; http_method; content:"/cve.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582042/; classtype:trojan-activity;sid:84445142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582039)"; flow:established,from_client; content:"GET"; http_method; content:"/scstager.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.129.22.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582039/; classtype:trojan-activity;sid:84445139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582035)"; flow:established,from_client; content:"GET"; http_method; content:"/darkcyan-fa1d3_install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"dansorium.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582035/; classtype:trojan-activity;sid:84445135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581849)"; flow:established,from_client; content:"GET"; http_method; content:"/x/tplink"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581849/; classtype:trojan-activity;sid:84444949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.63.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581711/; classtype:trojan-activity;sid:84444811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.47.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581695/; classtype:trojan-activity;sid:84444795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.101.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581699/; classtype:trojan-activity;sid:84444799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.78.43.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581701/; classtype:trojan-activity;sid:84444801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581440)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.5.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581440/; classtype:trojan-activity;sid:84444540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581423)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581423/; classtype:trojan-activity;sid:84444523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581424)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a7le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581424/; classtype:trojan-activity;sid:84444524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581425)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581425/; classtype:trojan-activity;sid:84444525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581426)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xle0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581426/; classtype:trojan-activity;sid:84444526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581427)"; flow:established,from_client; content:"GET"; http_method; content:"/j/ppc0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581427/; classtype:trojan-activity;sid:84444527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581428)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a6le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581428/; classtype:trojan-activity;sid:84444528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581421)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581421/; classtype:trojan-activity;sid:84444521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581422)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581422/; classtype:trojan-activity;sid:84444522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581034)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581034/; classtype:trojan-activity;sid:84444134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581035)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581035/; classtype:trojan-activity;sid:84444135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581032)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581032/; classtype:trojan-activity;sid:84444132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581031)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581031/; classtype:trojan-activity;sid:84444131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581027)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581027/; classtype:trojan-activity;sid:84444127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581025)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581025/; classtype:trojan-activity;sid:84444125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581024)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581024/; classtype:trojan-activity;sid:84444124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581022)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581022/; classtype:trojan-activity;sid:84444122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581019)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581019/; classtype:trojan-activity;sid:84444119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581017)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581017/; classtype:trojan-activity;sid:84444117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581018)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581018/; classtype:trojan-activity;sid:84444118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581014)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581014/; classtype:trojan-activity;sid:84444114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581010)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581010/; classtype:trojan-activity;sid:84444110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581008)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581008/; classtype:trojan-activity;sid:84444108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581007)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581007/; classtype:trojan-activity;sid:84444107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581006)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581006/; classtype:trojan-activity;sid:84444106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581003)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581003/; classtype:trojan-activity;sid:84444103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580979)"; flow:established,from_client; content:"GET"; http_method; content:"/db.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580979/; classtype:trojan-activity;sid:84444079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580943)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/scink.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580943/; classtype:trojan-activity;sid:84444043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"35.222.201.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580936/; classtype:trojan-activity;sid:84444036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580925)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580925/; classtype:trojan-activity;sid:84444025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.138.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580919/; classtype:trojan-activity;sid:84444019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580912)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580912/; classtype:trojan-activity;sid:84444012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580906)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580906/; classtype:trojan-activity;sid:84444006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.22.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580874/; classtype:trojan-activity;sid:84443974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; classtype:trojan-activity;sid:84443981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580861/; classtype:trojan-activity;sid:84443961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.237.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580636/; classtype:trojan-activity;sid:84443736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580430/; classtype:trojan-activity;sid:84443530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"crew.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580425/; classtype:trojan-activity;sid:84443525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"crew.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580421/; classtype:trojan-activity;sid:84443521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580415/; classtype:trojan-activity;sid:84443515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"assuredfix.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580403/; classtype:trojan-activity;sid:84443503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579954)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3579954/; classtype:trojan-activity;sid:84443054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"secure.third-domain.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_09; reference:url, urlhaus.abuse.ch/url/3579360/; classtype:trojan-activity;sid:84442460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577557/; classtype:trojan-activity;sid:84440657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577302)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.38.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577302/; classtype:trojan-activity;sid:84440402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577299)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577299/; classtype:trojan-activity;sid:84440399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577298/; classtype:trojan-activity;sid:84440398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577188/; classtype:trojan-activity;sid:84440288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577104/; classtype:trojan-activity;sid:84440204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; classtype:trojan-activity;sid:84440084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576914)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%aa%97%e6%88%91%e3%81%ae.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576914/; classtype:trojan-activity;sid:84440014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576913)"; flow:established,from_client; content:"GET"; http_method; content:"/dopamine.ipa"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576913/; classtype:trojan-activity;sid:84440013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576912/; classtype:trojan-activity;sid:84440012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b0%8f%e9%9b%a8%e7%82%b9%e6%96%b01.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576909/; classtype:trojan-activity;sid:84440009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88%e6%96%b0.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576908/; classtype:trojan-activity;sid:84440008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576885)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576885/; classtype:trojan-activity;sid:84439985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576855)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%ba%a2%e5%b0%98%e5%ae%a2%e6%a0%88-%e7%94%b0%e9%9c%87muszk%e2%80%ae.3pm.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576855/; classtype:trojan-activity;sid:84439955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%9c%a8%e9%a9%ac.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576853/; classtype:trojan-activity;sid:84439953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576851)"; flow:established,from_client; content:"GET"; http_method; content:"/conf.ini"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576851/; classtype:trojan-activity;sid:84439951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576852)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576852/; classtype:trojan-activity;sid:84439952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576846)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576846/; classtype:trojan-activity;sid:84439946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576844)"; flow:established,from_client; content:"GET"; http_method; content:"/666.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576844/; classtype:trojan-activity;sid:84439944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576831)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.43.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576831/; classtype:trojan-activity;sid:84439931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576826)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576826/; classtype:trojan-activity;sid:84439926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576810)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576810/; classtype:trojan-activity;sid:84439910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576805)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576805/; classtype:trojan-activity;sid:84439905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576809)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576809/; classtype:trojan-activity;sid:84439909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576793)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576793/; classtype:trojan-activity;sid:84439893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576768)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576768/; classtype:trojan-activity;sid:84439868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576756)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576756/; classtype:trojan-activity;sid:84439856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576752)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.43.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576752/; classtype:trojan-activity;sid:84439852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576743)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576743/; classtype:trojan-activity;sid:84439843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576740)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576740/; classtype:trojan-activity;sid:84439840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576737)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576737/; classtype:trojan-activity;sid:84439837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576728)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576728/; classtype:trojan-activity;sid:84439828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576707)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576707/; classtype:trojan-activity;sid:84439807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576686)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576686/; classtype:trojan-activity;sid:84439786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576679)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576679/; classtype:trojan-activity;sid:84439779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576670)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576670/; classtype:trojan-activity;sid:84439770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576676)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576676/; classtype:trojan-activity;sid:84439776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576540)"; flow:established,from_client; content:"GET"; http_method; content:"/agetty"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576540/; classtype:trojan-activity;sid:84439640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576541/; classtype:trojan-activity;sid:84439641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576542)"; flow:established,from_client; content:"GET"; http_method; content:"/logsbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576542/; classtype:trojan-activity;sid:84439642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576544)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576544/; classtype:trojan-activity;sid:84439644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576545)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576545/; classtype:trojan-activity;sid:84439645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576546)"; flow:established,from_client; content:"GET"; http_method; content:"/system"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576546/; classtype:trojan-activity;sid:84439646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576533)"; flow:established,from_client; content:"GET"; http_method; content:"/klogd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576533/; classtype:trojan-activity;sid:84439633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576534)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576534/; classtype:trojan-activity;sid:84439634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576535)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576535/; classtype:trojan-activity;sid:84439635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576536)"; flow:established,from_client; content:"GET"; http_method; content:"/rsyslogd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576536/; classtype:trojan-activity;sid:84439636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576537)"; flow:established,from_client; content:"GET"; http_method; content:"/logs2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576537/; classtype:trojan-activity;sid:84439637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576538)"; flow:established,from_client; content:"GET"; http_method; content:"/getty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576538/; classtype:trojan-activity;sid:84439638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576539)"; flow:established,from_client; content:"GET"; http_method; content:"/katrina"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576539/; classtype:trojan-activity;sid:84439639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576532)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576532/; classtype:trojan-activity;sid:84439632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576527)"; flow:established,from_client; content:"GET"; http_method; content:"/dbus-daemon"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576527/; classtype:trojan-activity;sid:84439627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576412)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"investtrad.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576412/; classtype:trojan-activity;sid:84439512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576384/; classtype:trojan-activity;sid:84439484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.252.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576367/; classtype:trojan-activity;sid:84439467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576359/; classtype:trojan-activity;sid:84439459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.38.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576353/; classtype:trojan-activity;sid:84439453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; content:"GET"; http_method; content:"/allbnc.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575961)"; flow:established,from_client; content:"GET"; http_method; content:"/asp.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575961/; classtype:trojan-activity;sid:84439061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575958)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575958/; classtype:trojan-activity;sid:84439058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575928)"; flow:established,from_client; content:"GET"; http_method; content:"/ekaspx.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575928/; classtype:trojan-activity;sid:84439028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575923)"; flow:established,from_client; content:"GET"; http_method; content:"/mshell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575923/; classtype:trojan-activity;sid:84439023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575924)"; flow:established,from_client; content:"GET"; http_method; content:"/shfrpc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575924/; classtype:trojan-activity;sid:84439024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575907)"; flow:established,from_client; content:"GET"; http_method; content:"/svchos.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575907/; classtype:trojan-activity;sid:84439007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575900)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575900/; classtype:trojan-activity;sid:84439000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; content:"GET"; http_method; content:"/cata2.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575891)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jspx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575891/; classtype:trojan-activity;sid:84438991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575885)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575885/; classtype:trojan-activity;sid:84438985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575870)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jsp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575870/; classtype:trojan-activity;sid:84438970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575824/; classtype:trojan-activity;sid:84438924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575542/; classtype:trojan-activity;sid:84438642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575540/; classtype:trojan-activity;sid:84438640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575541/; classtype:trojan-activity;sid:84438641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575539/; classtype:trojan-activity;sid:84438639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575535/; classtype:trojan-activity;sid:84438635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575536/; classtype:trojan-activity;sid:84438636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575537/; classtype:trojan-activity;sid:84438637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575534/; classtype:trojan-activity;sid:84438634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.80.246.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575022/; classtype:trojan-activity;sid:84438122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.253.237.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575012/; classtype:trojan-activity;sid:84438112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574976)"; flow:established,from_client; content:"GET"; http_method; content:"/e3jv8fs9b/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.85.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3574976/; classtype:trojan-activity;sid:84438076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574975)"; flow:established,from_client; content:"GET"; http_method; content:"/e3jv8fs9b/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.85.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3574975/; classtype:trojan-activity;sid:84438075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3574416/; classtype:trojan-activity;sid:84437516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3574399/; classtype:trojan-activity;sid:84437499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574027)"; flow:established,from_client; content:"GET"; http_method; content:"/7030.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecs-124-70-158-53.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3574027/; classtype:trojan-activity;sid:84437127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573921/; classtype:trojan-activity;sid:84437021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573668/; classtype:trojan-activity;sid:84436768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573595/; classtype:trojan-activity;sid:84436695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573398/; classtype:trojan-activity;sid:84436498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573361)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.134.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573361/; classtype:trojan-activity;sid:84436461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.118.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573345/; classtype:trojan-activity;sid:84436445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573133)"; flow:established,from_client; content:"GET"; http_method; content:"/dourvsity187.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iiiconstruction.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573133/; classtype:trojan-activity;sid:84436233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572780)"; flow:established,from_client; content:"GET"; http_method; content:"/mm5njcjtexpunnp1j.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572780/; classtype:trojan-activity;sid:84435880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572729)"; flow:established,from_client; content:"GET"; http_method; content:"/3/2.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572729/; classtype:trojan-activity;sid:84435829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572728)"; flow:established,from_client; content:"GET"; http_method; content:"/3/1.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572728/; classtype:trojan-activity;sid:84435828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572341)"; flow:established,from_client; content:"GET"; http_method; content:"/ghostgera/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"intelligentopennetworkingawards.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572341/; classtype:trojan-activity;sid:84435441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572294)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.142.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572294/; classtype:trojan-activity;sid:84435394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571969/; classtype:trojan-activity;sid:84435069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571844/; classtype:trojan-activity;sid:84434944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571786/; classtype:trojan-activity;sid:84434886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571790/; classtype:trojan-activity;sid:84434890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571722/; classtype:trojan-activity;sid:84434822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571573)"; flow:established,from_client; content:"GET"; http_method; content:"/0rknrw2j/jru8j.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571573/; classtype:trojan-activity;sid:84434673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f.dof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"checkinetverifk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571382)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571382/; classtype:trojan-activity;sid:84434482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571385)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip|3f|le=19"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571385/; classtype:trojan-activity;sid:84434485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571386)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571386/; classtype:trojan-activity;sid:84434486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571387)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571387/; classtype:trojan-activity;sid:84434487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571381)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571381/; classtype:trojan-activity;sid:84434481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571379)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571379/; classtype:trojan-activity;sid:84434479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571376)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571376/; classtype:trojan-activity;sid:84434476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571377)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571377/; classtype:trojan-activity;sid:84434477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571372)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=17"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571372/; classtype:trojan-activity;sid:84434472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571370)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=65"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571370/; classtype:trojan-activity;sid:84434470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571371)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=9"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571371/; classtype:trojan-activity;sid:84434471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_29; reference:url, urlhaus.abuse.ch/url/3571262/; classtype:trojan-activity;sid:84434362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.87.155.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_29; reference:url, urlhaus.abuse.ch/url/3571253/; classtype:trojan-activity;sid:84434353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571065)"; flow:established,from_client; content:"GET"; http_method; content:"/plugman23333%20233.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_28; reference:url, urlhaus.abuse.ch/url/3571065/; classtype:trojan-activity;sid:84434165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571064)"; flow:established,from_client; content:"GET"; http_method; content:"/catqw.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_28; reference:url, urlhaus.abuse.ch/url/3571064/; classtype:trojan-activity;sid:84434164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.102.100.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_27; reference:url, urlhaus.abuse.ch/url/3570832/; classtype:trojan-activity;sid:84433932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570526)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"135.148.129.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570526/; classtype:trojan-activity;sid:84433626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570433/; classtype:trojan-activity;sid:84433533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.93.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570196/; classtype:trojan-activity;sid:84433296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.139.187.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570176/; classtype:trojan-activity;sid:84433276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.117.116.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570186/; classtype:trojan-activity;sid:84433286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570170/; classtype:trojan-activity;sid:84433270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569818)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569818/; classtype:trojan-activity;sid:84432918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569657)"; flow:established,from_client; content:"GET"; http_method; content:"/juancamilo1914/youtube-mp3-converter/releases/download/buprestidan/youtube.mp3.converter.v1.0.0.-.buprestidan.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569657/; classtype:trojan-activity;sid:84432757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569549)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.103.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569549/; classtype:trojan-activity;sid:84432649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569208)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.222.31.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569208/; classtype:trojan-activity;sid:84432308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.239.218.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569204/; classtype:trojan-activity;sid:84432304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569182)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569182/; classtype:trojan-activity;sid:84432282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568962/; classtype:trojan-activity;sid:84432062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.132.152.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568343/; classtype:trojan-activity;sid:84431443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568176)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/main/ud.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568176/; classtype:trojan-activity;sid:84431276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568162)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/raw/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568162/; classtype:trojan-activity;sid:84431262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568074)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.203.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568074/; classtype:trojan-activity;sid:84431174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568028/; classtype:trojan-activity;sid:84431128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.15.185.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568026/; classtype:trojan-activity;sid:84431126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567781/; classtype:trojan-activity;sid:84430881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567780/; classtype:trojan-activity;sid:84430880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567779/; classtype:trojan-activity;sid:84430879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567778/; classtype:trojan-activity;sid:84430878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567777/; classtype:trojan-activity;sid:84430877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567769/; classtype:trojan-activity;sid:84430869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567770/; classtype:trojan-activity;sid:84430870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567771)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567771/; classtype:trojan-activity;sid:84430871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567763/; classtype:trojan-activity;sid:84430863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567764/; classtype:trojan-activity;sid:84430864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567765/; classtype:trojan-activity;sid:84430865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567766/; classtype:trojan-activity;sid:84430866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567767/; classtype:trojan-activity;sid:84430867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567768/; classtype:trojan-activity;sid:84430868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567753/; classtype:trojan-activity;sid:84430853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567741/; classtype:trojan-activity;sid:84430841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567710/; classtype:trojan-activity;sid:84430810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567713/; classtype:trojan-activity;sid:84430813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567696/; classtype:trojan-activity;sid:84430796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567698/; classtype:trojan-activity;sid:84430798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567699/; classtype:trojan-activity;sid:84430799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567676/; classtype:trojan-activity;sid:84430776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567636/; classtype:trojan-activity;sid:84430736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567656/; classtype:trojan-activity;sid:84430756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567615/; classtype:trojan-activity;sid:84430715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567617/; classtype:trojan-activity;sid:84430717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567618/; classtype:trojan-activity;sid:84430718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567619/; classtype:trojan-activity;sid:84430719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567606/; classtype:trojan-activity;sid:84430706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567587/; classtype:trojan-activity;sid:84430687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567574/; classtype:trojan-activity;sid:84430674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567576/; classtype:trojan-activity;sid:84430676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567551/; classtype:trojan-activity;sid:84430651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567533/; classtype:trojan-activity;sid:84430633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567534/; classtype:trojan-activity;sid:84430634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567539/; classtype:trojan-activity;sid:84430639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567518/; classtype:trojan-activity;sid:84430618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567482/; classtype:trojan-activity;sid:84430582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567493/; classtype:trojan-activity;sid:84430593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567498/; classtype:trojan-activity;sid:84430598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567474/; classtype:trojan-activity;sid:84430574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567478/; classtype:trojan-activity;sid:84430578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567452/; classtype:trojan-activity;sid:84430552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567461/; classtype:trojan-activity;sid:84430561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567440/; classtype:trojan-activity;sid:84430540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567401/; classtype:trojan-activity;sid:84430501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567402/; classtype:trojan-activity;sid:84430502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567381/; classtype:trojan-activity;sid:84430481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567385/; classtype:trojan-activity;sid:84430485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567387/; classtype:trojan-activity;sid:84430487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567332/; classtype:trojan-activity;sid:84430432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567344/; classtype:trojan-activity;sid:84430444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567345/; classtype:trojan-activity;sid:84430445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567346/; classtype:trojan-activity;sid:84430446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567352/; classtype:trojan-activity;sid:84430452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567315/; classtype:trojan-activity;sid:84430415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567294/; classtype:trojan-activity;sid:84430394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567279/; classtype:trojan-activity;sid:84430379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567239/; classtype:trojan-activity;sid:84430339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567240/; classtype:trojan-activity;sid:84430340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567250/; classtype:trojan-activity;sid:84430350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567259/; classtype:trojan-activity;sid:84430359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567209/; classtype:trojan-activity;sid:84430309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567210/; classtype:trojan-activity;sid:84430310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567218/; classtype:trojan-activity;sid:84430318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567219/; classtype:trojan-activity;sid:84430319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567221/; classtype:trojan-activity;sid:84430321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567186/; classtype:trojan-activity;sid:84430286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567178/; classtype:trojan-activity;sid:84430278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567182/; classtype:trojan-activity;sid:84430282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567125/; classtype:trojan-activity;sid:84430225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567113)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567113/; classtype:trojan-activity;sid:84430213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567115/; classtype:trojan-activity;sid:84430215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567099/; classtype:trojan-activity;sid:84430199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567067/; classtype:trojan-activity;sid:84430167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567073/; classtype:trojan-activity;sid:84430173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567074/; classtype:trojan-activity;sid:84430174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567081/; classtype:trojan-activity;sid:84430181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567049/; classtype:trojan-activity;sid:84430149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567036/; classtype:trojan-activity;sid:84430136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567037)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567037/; classtype:trojan-activity;sid:84430137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567007/; classtype:trojan-activity;sid:84430107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566986/; classtype:trojan-activity;sid:84430086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567001/; classtype:trojan-activity;sid:84430101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566972/; classtype:trojan-activity;sid:84430072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566983/; classtype:trojan-activity;sid:84430083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566962/; classtype:trojan-activity;sid:84430062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566968/; classtype:trojan-activity;sid:84430068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566956/; classtype:trojan-activity;sid:84430056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566930)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566930/; classtype:trojan-activity;sid:84430030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566886/; classtype:trojan-activity;sid:84429986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566887/; classtype:trojan-activity;sid:84429987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566901/; classtype:trojan-activity;sid:84430001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566902/; classtype:trojan-activity;sid:84430002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566848/; classtype:trojan-activity;sid:84429948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566852/; classtype:trojan-activity;sid:84429952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566855/; classtype:trojan-activity;sid:84429955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566861/; classtype:trojan-activity;sid:84429961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566864/; classtype:trojan-activity;sid:84429964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566865/; classtype:trojan-activity;sid:84429965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566837/; classtype:trojan-activity;sid:84429937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566842/; classtype:trojan-activity;sid:84429942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566801/; classtype:trojan-activity;sid:84429901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566802/; classtype:trojan-activity;sid:84429902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566807/; classtype:trojan-activity;sid:84429907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566787/; classtype:trojan-activity;sid:84429887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566779/; classtype:trojan-activity;sid:84429879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566784/; classtype:trojan-activity;sid:84429884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566761/; classtype:trojan-activity;sid:84429861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566767/; classtype:trojan-activity;sid:84429867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566753/; classtype:trojan-activity;sid:84429853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566738/; classtype:trojan-activity;sid:84429838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566742/; classtype:trojan-activity;sid:84429842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566743/; classtype:trojan-activity;sid:84429843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566706)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566706/; classtype:trojan-activity;sid:84429806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566718/; classtype:trojan-activity;sid:84429818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566687/; classtype:trojan-activity;sid:84429787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566697/; classtype:trojan-activity;sid:84429797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566650/; classtype:trojan-activity;sid:84429750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566655/; classtype:trojan-activity;sid:84429755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566661/; classtype:trojan-activity;sid:84429761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566664/; classtype:trojan-activity;sid:84429764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566671/; classtype:trojan-activity;sid:84429771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566648/; classtype:trojan-activity;sid:84429748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566629/; classtype:trojan-activity;sid:84429729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566596/; classtype:trojan-activity;sid:84429696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566602/; classtype:trojan-activity;sid:84429702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566604/; classtype:trojan-activity;sid:84429704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566579/; classtype:trojan-activity;sid:84429679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566581/; classtype:trojan-activity;sid:84429681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566582/; classtype:trojan-activity;sid:84429682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566568/; classtype:trojan-activity;sid:84429668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566546/; classtype:trojan-activity;sid:84429646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566557/; classtype:trojan-activity;sid:84429657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566559/; classtype:trojan-activity;sid:84429659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566518/; classtype:trojan-activity;sid:84429618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566519/; classtype:trojan-activity;sid:84429619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566520/; classtype:trojan-activity;sid:84429620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566524/; classtype:trojan-activity;sid:84429624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566499/; classtype:trojan-activity;sid:84429599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566506/; classtype:trojan-activity;sid:84429606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566507/; classtype:trojan-activity;sid:84429607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566509/; classtype:trojan-activity;sid:84429609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566482/; classtype:trojan-activity;sid:84429582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566485/; classtype:trojan-activity;sid:84429585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566488/; classtype:trojan-activity;sid:84429588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566492/; classtype:trojan-activity;sid:84429592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566494/; classtype:trojan-activity;sid:84429594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566498/; classtype:trojan-activity;sid:84429598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566448/; classtype:trojan-activity;sid:84429548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566462/; classtype:trojan-activity;sid:84429562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566468/; classtype:trojan-activity;sid:84429568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566445/; classtype:trojan-activity;sid:84429545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566426/; classtype:trojan-activity;sid:84429526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566409/; classtype:trojan-activity;sid:84429509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566420/; classtype:trojan-activity;sid:84429520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566421/; classtype:trojan-activity;sid:84429521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566393/; classtype:trojan-activity;sid:84429493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566394/; classtype:trojan-activity;sid:84429494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566399/; classtype:trojan-activity;sid:84429499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566404/; classtype:trojan-activity;sid:84429504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566379/; classtype:trojan-activity;sid:84429479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566380/; classtype:trojan-activity;sid:84429480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566369/; classtype:trojan-activity;sid:84429469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566371/; classtype:trojan-activity;sid:84429471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566368/; classtype:trojan-activity;sid:84429468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566349/; classtype:trojan-activity;sid:84429449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566351)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566351/; classtype:trojan-activity;sid:84429451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566340/; classtype:trojan-activity;sid:84429440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566342/; classtype:trojan-activity;sid:84429442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566317/; classtype:trojan-activity;sid:84429417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566318/; classtype:trojan-activity;sid:84429418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566292/; classtype:trojan-activity;sid:84429392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566301/; classtype:trojan-activity;sid:84429401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566304/; classtype:trojan-activity;sid:84429404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566278/; classtype:trojan-activity;sid:84429378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566258/; classtype:trojan-activity;sid:84429358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566260/; classtype:trojan-activity;sid:84429360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566261/; classtype:trojan-activity;sid:84429361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566263)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566263/; classtype:trojan-activity;sid:84429363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566270/; classtype:trojan-activity;sid:84429370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566233/; classtype:trojan-activity;sid:84429333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566242/; classtype:trojan-activity;sid:84429342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566212/; classtype:trojan-activity;sid:84429312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566213/; classtype:trojan-activity;sid:84429313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566192/; classtype:trojan-activity;sid:84429292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566193/; classtype:trojan-activity;sid:84429293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566194/; classtype:trojan-activity;sid:84429294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566195/; classtype:trojan-activity;sid:84429295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566197/; classtype:trojan-activity;sid:84429297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566204/; classtype:trojan-activity;sid:84429304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566180/; classtype:trojan-activity;sid:84429280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566187/; classtype:trojan-activity;sid:84429287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566165/; classtype:trojan-activity;sid:84429265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566166/; classtype:trojan-activity;sid:84429266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566134/; classtype:trojan-activity;sid:84429234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566145/; classtype:trojan-activity;sid:84429245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566114/; classtype:trojan-activity;sid:84429214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566116/; classtype:trojan-activity;sid:84429216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566117/; classtype:trojan-activity;sid:84429217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566087/; classtype:trojan-activity;sid:84429187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566089/; classtype:trojan-activity;sid:84429189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566099/; classtype:trojan-activity;sid:84429199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566071/; classtype:trojan-activity;sid:84429171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566076/; classtype:trojan-activity;sid:84429176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566048/; classtype:trojan-activity;sid:84429148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566056/; classtype:trojan-activity;sid:84429156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566058/; classtype:trojan-activity;sid:84429158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566064/; classtype:trojan-activity;sid:84429164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566068/; classtype:trojan-activity;sid:84429168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566069/; classtype:trojan-activity;sid:84429169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566031/; classtype:trojan-activity;sid:84429131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566044/; classtype:trojan-activity;sid:84429144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566015/; classtype:trojan-activity;sid:84429115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565985/; classtype:trojan-activity;sid:84429085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565965/; classtype:trojan-activity;sid:84429065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565971/; classtype:trojan-activity;sid:84429071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565982/; classtype:trojan-activity;sid:84429082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565959/; classtype:trojan-activity;sid:84429059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565922/; classtype:trojan-activity;sid:84429022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565881/; classtype:trojan-activity;sid:84428981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565904/; classtype:trojan-activity;sid:84429004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565905/; classtype:trojan-activity;sid:84429005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565854/; classtype:trojan-activity;sid:84428954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565870/; classtype:trojan-activity;sid:84428970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565876/; classtype:trojan-activity;sid:84428976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565839/; classtype:trojan-activity;sid:84428939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565845/; classtype:trojan-activity;sid:84428945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565846/; classtype:trojan-activity;sid:84428946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565835/; classtype:trojan-activity;sid:84428935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565816/; classtype:trojan-activity;sid:84428916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565772/; classtype:trojan-activity;sid:84428872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565743/; classtype:trojan-activity;sid:84428843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565719/; classtype:trojan-activity;sid:84428819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565726/; classtype:trojan-activity;sid:84428826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565728/; classtype:trojan-activity;sid:84428828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565410)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565410/; classtype:trojan-activity;sid:84428510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565409)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565409/; classtype:trojan-activity;sid:84428509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565407/; classtype:trojan-activity;sid:84428507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565408/; classtype:trojan-activity;sid:84428508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565403)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565403/; classtype:trojan-activity;sid:84428503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565404)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565404/; classtype:trojan-activity;sid:84428504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565405)"; flow:established,from_client; content:"GET"; http_method; content:"/program/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565405/; classtype:trojan-activity;sid:84428505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565399/; classtype:trojan-activity;sid:84428499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565400)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565400/; classtype:trojan-activity;sid:84428500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565393/; classtype:trojan-activity;sid:84428493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565394)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565394/; classtype:trojan-activity;sid:84428494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565395/; classtype:trojan-activity;sid:84428495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565390)"; flow:established,from_client; content:"GET"; http_method; content:"/program/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565390/; classtype:trojan-activity;sid:84428490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565364)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565364/; classtype:trojan-activity;sid:84428464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565343)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565343/; classtype:trojan-activity;sid:84428443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565344)"; flow:established,from_client; content:"GET"; http_method; content:"/program/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565344/; classtype:trojan-activity;sid:84428444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565352)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565352/; classtype:trojan-activity;sid:84428452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565355)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565355/; classtype:trojan-activity;sid:84428455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565357)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565357/; classtype:trojan-activity;sid:84428457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565331)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565331/; classtype:trojan-activity;sid:84428431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565333)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565333/; classtype:trojan-activity;sid:84428433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565337)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565337/; classtype:trojan-activity;sid:84428437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565338)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565338/; classtype:trojan-activity;sid:84428438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565339)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565339/; classtype:trojan-activity;sid:84428439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565340)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565340/; classtype:trojan-activity;sid:84428440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565341)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565341/; classtype:trojan-activity;sid:84428441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565329)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565329/; classtype:trojan-activity;sid:84428429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565319)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565319/; classtype:trojan-activity;sid:84428419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565311)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565311/; classtype:trojan-activity;sid:84428411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565312/; classtype:trojan-activity;sid:84428412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565313/; classtype:trojan-activity;sid:84428413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565314/; classtype:trojan-activity;sid:84428414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565315/; classtype:trojan-activity;sid:84428415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565317/; classtype:trojan-activity;sid:84428417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565288)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20corevision/disk1/setup.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565288/; classtype:trojan-activity;sid:84428388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565286)"; flow:established,from_client; content:"GET"; http_method; content:"/database/setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565286/; classtype:trojan-activity;sid:84428386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; content:"GET"; http_method; content:"/svg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565282)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20completo/disk1/setup.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565282/; classtype:trojan-activity;sid:84428382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565281)"; flow:established,from_client; content:"GET"; http_method; content:"/client/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565281/; classtype:trojan-activity;sid:84428381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; classtype:trojan-activity;sid:84427689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563547/; classtype:trojan-activity;sid:84426647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563546)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563546/; classtype:trojan-activity;sid:84426646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563543/; classtype:trojan-activity;sid:84426643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563544/; classtype:trojan-activity;sid:84426644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563545/; classtype:trojan-activity;sid:84426645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563540/; classtype:trojan-activity;sid:84426640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563541/; classtype:trojan-activity;sid:84426641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/img001.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563535/; classtype:trojan-activity;sid:84426635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/img001.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563536/; classtype:trojan-activity;sid:84426636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563539)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/img001.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563539/; classtype:trojan-activity;sid:84426639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/img001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563533/; classtype:trojan-activity;sid:84426633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563454)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.201.174.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563454/; classtype:trojan-activity;sid:84426554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563449)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.158.33.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563449/; classtype:trojan-activity;sid:84426549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563446)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563446/; classtype:trojan-activity;sid:84426546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563445)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563445/; classtype:trojan-activity;sid:84426545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563443)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563443/; classtype:trojan-activity;sid:84426543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563434)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563434/; classtype:trojan-activity;sid:84426534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563437)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563437/; classtype:trojan-activity;sid:84426537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563438)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563438/; classtype:trojan-activity;sid:84426538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563439)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563439/; classtype:trojan-activity;sid:84426539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563440)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563440/; classtype:trojan-activity;sid:84426540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563433)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563433/; classtype:trojan-activity;sid:84426533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563431)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563431/; classtype:trojan-activity;sid:84426531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563430)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563430/; classtype:trojan-activity;sid:84426530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563429)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563429/; classtype:trojan-activity;sid:84426529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563426)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563426/; classtype:trojan-activity;sid:84426526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563427)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563427/; classtype:trojan-activity;sid:84426527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563416)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563416/; classtype:trojan-activity;sid:84426516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563417)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563417/; classtype:trojan-activity;sid:84426517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563419)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.157.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563419/; classtype:trojan-activity;sid:84426519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563420)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563420/; classtype:trojan-activity;sid:84426520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563421)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563421/; classtype:trojan-activity;sid:84426521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563412)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563412/; classtype:trojan-activity;sid:84426512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563413)"; flow:established,from_client; content:"GET"; http_method; content:"/android.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563413/; classtype:trojan-activity;sid:84426513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563411)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.234.82.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563411/; classtype:trojan-activity;sid:84426511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563405)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563405/; classtype:trojan-activity;sid:84426505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563394)"; flow:established,from_client; content:"GET"; http_method; content:"/android.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563394/; classtype:trojan-activity;sid:84426494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563389)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563389/; classtype:trojan-activity;sid:84426489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563387)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563387/; classtype:trojan-activity;sid:84426487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563386)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563386/; classtype:trojan-activity;sid:84426486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563383)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563383/; classtype:trojan-activity;sid:84426483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563382)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.163.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563382/; classtype:trojan-activity;sid:84426482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563379)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563379/; classtype:trojan-activity;sid:84426479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563376)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563376/; classtype:trojan-activity;sid:84426476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563378)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563378/; classtype:trojan-activity;sid:84426478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563375)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.84.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563375/; classtype:trojan-activity;sid:84426475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563372)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563372/; classtype:trojan-activity;sid:84426472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563368)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.244.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563368/; classtype:trojan-activity;sid:84426468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563370)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563370/; classtype:trojan-activity;sid:84426470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563371)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563371/; classtype:trojan-activity;sid:84426471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563361)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563361/; classtype:trojan-activity;sid:84426461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563358)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563358/; classtype:trojan-activity;sid:84426458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563360)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563360/; classtype:trojan-activity;sid:84426460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563355)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.232.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563355/; classtype:trojan-activity;sid:84426455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563357)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563357/; classtype:trojan-activity;sid:84426457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563354)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563354/; classtype:trojan-activity;sid:84426454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563351)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563351/; classtype:trojan-activity;sid:84426451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563346)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.187.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563346/; classtype:trojan-activity;sid:84426446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563348)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.163.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563348/; classtype:trojan-activity;sid:84426448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563344)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.232.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563344/; classtype:trojan-activity;sid:84426444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563345)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563345/; classtype:trojan-activity;sid:84426445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563340)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563340/; classtype:trojan-activity;sid:84426440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563342)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563342/; classtype:trojan-activity;sid:84426442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563338)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563338/; classtype:trojan-activity;sid:84426438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563339)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"140.143.190.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563339/; classtype:trojan-activity;sid:84426439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563337)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.187.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563337/; classtype:trojan-activity;sid:84426437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563334)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563334/; classtype:trojan-activity;sid:84426434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563329)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563329/; classtype:trojan-activity;sid:84426429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563321)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563321/; classtype:trojan-activity;sid:84426421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563322)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563322/; classtype:trojan-activity;sid:84426422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563323)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563323/; classtype:trojan-activity;sid:84426423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563324)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563324/; classtype:trojan-activity;sid:84426424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563326)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563326/; classtype:trojan-activity;sid:84426426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563315)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563315/; classtype:trojan-activity;sid:84426415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563316)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563316/; classtype:trojan-activity;sid:84426416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563317)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"140.143.190.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563317/; classtype:trojan-activity;sid:84426417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563318)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.89.84.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563318/; classtype:trojan-activity;sid:84426418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563319)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.244.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563319/; classtype:trojan-activity;sid:84426419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563080)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testlnk1.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563080/; classtype:trojan-activity;sid:84426180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.200.149.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563068/; classtype:trojan-activity;sid:84426168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562827)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.239.7.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562827/; classtype:trojan-activity;sid:84425927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562803)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562803/; classtype:trojan-activity;sid:84425903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562785)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562785/; classtype:trojan-activity;sid:84425885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562786)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562786/; classtype:trojan-activity;sid:84425886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562789)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562789/; classtype:trojan-activity;sid:84425889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562760)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562760/; classtype:trojan-activity;sid:84425860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562759)"; flow:established,from_client; content:"GET"; http_method; content:"/evilflashlight.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562759/; classtype:trojan-activity;sid:84425859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562758)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2020-15972/tear-down.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"119.28.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562758/; classtype:trojan-activity;sid:84425858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562752)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.29.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562752/; classtype:trojan-activity;sid:84425852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562750)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.30.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562750/; classtype:trojan-activity;sid:84425850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562749)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.30.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562749/; classtype:trojan-activity;sid:84425849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562746)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.30.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562746/; classtype:trojan-activity;sid:84425846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562747)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.48.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562747/; classtype:trojan-activity;sid:84425847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.232.167.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562728/; classtype:trojan-activity;sid:84425828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.83.229.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562709/; classtype:trojan-activity;sid:84425809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.167.219.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562711/; classtype:trojan-activity;sid:84425811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.116.56.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562678/; classtype:trojan-activity;sid:84425778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562662)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562662/; classtype:trojan-activity;sid:84425762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562661)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562661/; classtype:trojan-activity;sid:84425761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562593)"; flow:established,from_client; content:"GET"; http_method; content:"/platinum.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.modernitgen.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562593/; classtype:trojan-activity;sid:84425693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562585)"; flow:established,from_client; content:"GET"; http_method; content:"/jtemt5nxbrnq5jc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562585/; classtype:trojan-activity;sid:84425685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562561)"; flow:established,from_client; content:"GET"; http_method; content:"/80ak2ymfb6vbkeu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562561/; classtype:trojan-activity;sid:84425661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562166)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.237.122.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562166/; classtype:trojan-activity;sid:84425266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562165)"; flow:established,from_client; content:"GET"; http_method; content:"/shell_le"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562165/; classtype:trojan-activity;sid:84425265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562115)"; flow:established,from_client; content:"GET"; http_method; content:"/wcgiebin/iionsffbyutdsvdsjsvtjfbdjdtbdfndgd/usbsjsivsjskjvdjd.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"www.js-hurling.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562115/; classtype:trojan-activity;sid:84425215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.yz.tcdnos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561815)"; flow:established,from_client; content:"GET"; http_method; content:"/zwmtvdks2rnf9im.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561815/; classtype:trojan-activity;sid:84424915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561813)"; flow:established,from_client; content:"GET"; http_method; content:"/eu80ak2ymfb6vbk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561813/; classtype:trojan-activity;sid:84424913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561730)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561730/; classtype:trojan-activity;sid:84424830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561731)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561731/; classtype:trojan-activity;sid:84424831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561727)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561727/; classtype:trojan-activity;sid:84424827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561729)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561729/; classtype:trojan-activity;sid:84424829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%b8%bb%e6%9c%ba%e5%a4%a7%e6%bc%a0/photo.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561688/; classtype:trojan-activity;sid:84424788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561687)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%a4%a7%e6%bc%a0/%e5%85%b3%e9%97%adwin10%e8%87%aa%e5%b8%a6%e6%9d%80%e6%af%92/photo.scr"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561687/; classtype:trojan-activity;sid:84424787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561686)"; flow:established,from_client; content:"GET"; http_method; content:"/yp/photo.scr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561686/; classtype:trojan-activity;sid:84424786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561685)"; flow:established,from_client; content:"GET"; http_method; content:"/python/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561685/; classtype:trojan-activity;sid:84424785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561684)"; flow:established,from_client; content:"GET"; http_method; content:"/aso12/photo.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561684/; classtype:trojan-activity;sid:84424784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561683)"; flow:established,from_client; content:"GET"; http_method; content:"/xueke/photo.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561683/; classtype:trojan-activity;sid:84424783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561682)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%a4%a7%e6%bc%a0/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561682/; classtype:trojan-activity;sid:84424782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561681)"; flow:established,from_client; content:"GET"; http_method; content:"/deb/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561681/; classtype:trojan-activity;sid:84424781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561679)"; flow:established,from_client; content:"GET"; http_method; content:"/dnf_pm/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561679/; classtype:trojan-activity;sid:84424779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561678)"; flow:established,from_client; content:"GET"; http_method; content:"/pic/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561678/; classtype:trojan-activity;sid:84424778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561677)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%a4%a7%e6%bc%a0/win10%e7%a6%81%e6%ad%a2%e5%8d%87%e7%ba%a7/photo.scr"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561677/; classtype:trojan-activity;sid:84424777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561267)"; flow:established,from_client; content:"GET"; http_method; content:"/b12c87cb-d08b-43f6-abbd-11e7f745c9c1/orderlist.js"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561267/; classtype:trojan-activity;sid:84424367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561096)"; flow:established,from_client; content:"GET"; http_method; content:"/sun32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561096/; classtype:trojan-activity;sid:84424196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561086)"; flow:established,from_client; content:"GET"; http_method; content:"/zbsm.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561086/; classtype:trojan-activity;sid:84424186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561082)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jsp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561082/; classtype:trojan-activity;sid:84424182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561083)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561083/; classtype:trojan-activity;sid:84424183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561072)"; flow:established,from_client; content:"GET"; http_method; content:"/ni/11.cmd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"198.46.142.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561072/; classtype:trojan-activity;sid:84424172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560607)"; flow:established,from_client; content:"GET"; http_method; content:"/kij.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560607/; classtype:trojan-activity;sid:84423707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560550)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.tar.gz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560550/; classtype:trojan-activity;sid:84423650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560546)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_c3pool_miner.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560546/; classtype:trojan-activity;sid:84423646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560462)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/terminal.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vip.3a9.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560462/; classtype:trojan-activity;sid:84423562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560463)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/hue2/view.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560463/; classtype:trojan-activity;sid:84423563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560460)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560460/; classtype:trojan-activity;sid:84423560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560453)"; flow:established,from_client; content:"GET"; http_method; content:"/annym1/start/main/dnd.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560453/; classtype:trojan-activity;sid:84423553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560410)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflip-op-predictor/main/bloxflip%20predictor.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560410/; classtype:trojan-activity;sid:84423510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560392)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/set-2%20firmware%204.01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"cegelecinfo.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560392/; classtype:trojan-activity;sid:84423492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560391)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"sanhack.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560391/; classtype:trojan-activity;sid:84423491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560386)"; flow:established,from_client; content:"GET"; http_method; content:"/_private/me3_setup.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me3.ne.jp"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560386/; classtype:trojan-activity;sid:84423486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560378)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/bunglers/build.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.techgeeks.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560378/; classtype:trojan-activity;sid:84423478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560299/; classtype:trojan-activity;sid:84423399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560297)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560297/; classtype:trojan-activity;sid:84423397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560098)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdriver.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560098/; classtype:trojan-activity;sid:84423198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560095)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdriver.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560095/; classtype:trojan-activity;sid:84423195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560034)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560034/; classtype:trojan-activity;sid:84423134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560035)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560035/; classtype:trojan-activity;sid:84423135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560036)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560036/; classtype:trojan-activity;sid:84423136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560037)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560037/; classtype:trojan-activity;sid:84423137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560038)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560038/; classtype:trojan-activity;sid:84423138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560039)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560039/; classtype:trojan-activity;sid:84423139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560040)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560040/; classtype:trojan-activity;sid:84423140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560041)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560041/; classtype:trojan-activity;sid:84423141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560042)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560042/; classtype:trojan-activity;sid:84423142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560043)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560043/; classtype:trojan-activity;sid:84423143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559942)"; flow:established,from_client; content:"GET"; http_method; content:"/866.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-1445de8c8aa84761aac5200e0036237d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559942/; classtype:trojan-activity;sid:84423042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559697)"; flow:established,from_client; content:"GET"; http_method; content:"/trash/tdkywzxm.vdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hogarsancamilo.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559697/; classtype:trojan-activity;sid:84422797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559692)"; flow:established,from_client; content:"GET"; http_method; content:"/trash/zrdabuukqo.mp4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hogarsancamilo.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559692/; classtype:trojan-activity;sid:84422792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559225)"; flow:established,from_client; content:"GET"; http_method; content:"/viper4k/malware/master/666/666.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559225/; classtype:trojan-activity;sid:84422325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559224)"; flow:established,from_client; content:"GET"; http_method; content:"/viper4k/malware/refs/heads/master/666/666.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559224/; classtype:trojan-activity;sid:84422324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559218)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%95%b0%e6%8d%ae%e6%8e%a5%e6%94%b6%e7%ae%a1%e7%90%86.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"47.114.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559218/; classtype:trojan-activity;sid:84422318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559210)"; flow:established,from_client; content:"GET"; http_method; content:"/update/mypacs.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.114.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559210/; classtype:trojan-activity;sid:84422310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559206)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd/services.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.229.135.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559206/; classtype:trojan-activity;sid:84422306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559203)"; flow:established,from_client; content:"GET"; http_method; content:"/abokiii55%205.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559203/; classtype:trojan-activity;sid:84422303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559046)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"body.alwaysdata.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559046/; classtype:trojan-activity;sid:84422146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/rickware/master/rickroll.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558917)"; flow:established,from_client; content:"GET"; http_method; content:"/linkinggg55%205.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558917/; classtype:trojan-activity;sid:84422017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558914)"; flow:established,from_client; content:"GET"; http_method; content:"/linkingg66%206.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558914/; classtype:trojan-activity;sid:84422014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558915)"; flow:established,from_client; content:"GET"; http_method; content:"/obii55%205.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558915/; classtype:trojan-activity;sid:84422015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558659/; classtype:trojan-activity;sid:84421759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558624/; classtype:trojan-activity;sid:84421724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.156.10.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558632/; classtype:trojan-activity;sid:84421732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558634/; classtype:trojan-activity;sid:84421734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.26.97.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558516)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%a2%a6%e6%83%b3%e8%bf%9c%e7%a8%8b%e4%bc%9a%e8%af%8a%e6%95%99%e6%8e%88%e5%b9%b3%e5%8f%b0.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"47.114.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558516/; classtype:trojan-activity;sid:84421616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558514)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%a2%a6%e6%83%b3%e8%bf%9c%e7%a8%8b%e4%bc%9a%e8%af%8a%e7%94%a8%e6%88%b7%e5%b9%b3%e5%8f%b0.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"47.114.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558514/; classtype:trojan-activity;sid:84421614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558506)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%82%a3%e8%80%85%e5%88%97%e8%a1%a8%e7%ae%a1%e7%90%86.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"47.114.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558506/; classtype:trojan-activity;sid:84421606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558504)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"143.92.51.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558504/; classtype:trojan-activity;sid:84421604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558498)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.56.35.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558498/; classtype:trojan-activity;sid:84421598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558331)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558331/; classtype:trojan-activity;sid:84421431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/riende.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/ll/hta/f.het"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.messias.org.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558205/; classtype:trojan-activity;sid:84421305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558120/; classtype:trojan-activity;sid:84421220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3557905)"; flow:established,from_client; content:"GET"; http_method; content:"/nbin22.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3557905/; classtype:trojan-activity;sid:84421005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556803)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556803/; classtype:trojan-activity;sid:84419903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556779)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556779/; classtype:trojan-activity;sid:84419879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556612)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556612/; classtype:trojan-activity;sid:84419712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.254.84.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_02; reference:url, urlhaus.abuse.ch/url/3556298/; classtype:trojan-activity;sid:84419398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555900)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555900/; classtype:trojan-activity;sid:84419000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555899)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555899/; classtype:trojan-activity;sid:84418999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555898)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin4.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555898/; classtype:trojan-activity;sid:84418998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555897)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555897/; classtype:trojan-activity;sid:84418997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555717)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.85.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555717/; classtype:trojan-activity;sid:84418817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555694/; classtype:trojan-activity;sid:84418794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.208.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555470/; classtype:trojan-activity;sid:84418570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555397)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555397/; classtype:trojan-activity;sid:84418497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555395)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555395/; classtype:trojan-activity;sid:84418495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555394)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555394/; classtype:trojan-activity;sid:84418494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555393)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555393/; classtype:trojan-activity;sid:84418493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555392)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555392/; classtype:trojan-activity;sid:84418492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555391)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555391/; classtype:trojan-activity;sid:84418491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555390)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555390/; classtype:trojan-activity;sid:84418490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555389)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555389/; classtype:trojan-activity;sid:84418489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555388)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555388/; classtype:trojan-activity;sid:84418488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555371)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555371/; classtype:trojan-activity;sid:84418471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555132/; classtype:trojan-activity;sid:84418232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.214.55.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555014/; classtype:trojan-activity;sid:84418114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.199.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555017/; classtype:trojan-activity;sid:84418117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.135.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555012/; classtype:trojan-activity;sid:84418112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.90.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555005/; classtype:trojan-activity;sid:84418105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554430)"; flow:established,from_client; content:"GET"; http_method; content:"/rate.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554334)"; flow:established,from_client; content:"GET"; http_method; content:"/oste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554334/; classtype:trojan-activity;sid:84417434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.95.253.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553946/; classtype:trojan-activity;sid:84417046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.135.230.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553933/; classtype:trojan-activity;sid:84417033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553733/; classtype:trojan-activity;sid:84416833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553731)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553731/; classtype:trojan-activity;sid:84416831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553730)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553730/; classtype:trojan-activity;sid:84416830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553729)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553729/; classtype:trojan-activity;sid:84416829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553723/; classtype:trojan-activity;sid:84416823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553629)"; flow:established,from_client; content:"GET"; http_method; content:"/mits.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553629/; classtype:trojan-activity;sid:84416729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553631)"; flow:established,from_client; content:"GET"; http_method; content:"/zsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553631/; classtype:trojan-activity;sid:84416731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; content:"GET"; http_method; content:"/osxs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553634)"; flow:established,from_client; content:"GET"; http_method; content:"/fste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553634/; classtype:trojan-activity;sid:84416734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553619)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553619/; classtype:trojan-activity;sid:84416719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553439)"; flow:established,from_client; content:"GET"; http_method; content:"/atendimento/bk.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553439/; classtype:trojan-activity;sid:84416539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553385)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553385/; classtype:trojan-activity;sid:84416485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.228.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553268/; classtype:trojan-activity;sid:84416368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.125.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553170/; classtype:trojan-activity;sid:84416270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553167/; classtype:trojan-activity;sid:84416267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553112)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.115.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553112/; classtype:trojan-activity;sid:84416212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552816/; classtype:trojan-activity;sid:84415916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552725/; classtype:trojan-activity;sid:84415825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552613/; classtype:trojan-activity;sid:84415713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552086)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_25; reference:url, urlhaus.abuse.ch/url/3552086/; classtype:trojan-activity;sid:84415186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552048)"; flow:established,from_client; content:"GET"; http_method; content:"/bosontn/m.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nvtai.id.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552048/; classtype:trojan-activity;sid:84415148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.232.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551953/; classtype:trojan-activity;sid:84415053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.244.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551951/; classtype:trojan-activity;sid:84415051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.231.3.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551935/; classtype:trojan-activity;sid:84415035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551746)"; flow:established,from_client; content:"GET"; http_method; content:"/obihh3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551746/; classtype:trojan-activity;sid:84414846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551375/; classtype:trojan-activity;sid:84414475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551361/; classtype:trojan-activity;sid:84414461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14-0-204-188.static.pccw-hkt.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551316/; classtype:trojan-activity;sid:84414416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551305)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551305/; classtype:trojan-activity;sid:84414405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550926)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/update.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550926/; classtype:trojan-activity;sid:84414026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550872)"; flow:established,from_client; content:"GET"; http_method; content:"/plugmanff2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550872/; classtype:trojan-activity;sid:84413972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550870)"; flow:established,from_client; content:"GET"; http_method; content:"/agodhh3.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550870/; classtype:trojan-activity;sid:84413970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550710)"; flow:established,from_client; content:"GET"; http_method; content:"/aecheck2.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550710/; classtype:trojan-activity;sid:84413810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550451)"; flow:established,from_client; content:"GET"; http_method; content:"/test2.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"barrysploitbucket.s3.us-west-2.amazonaws.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550451/; classtype:trojan-activity;sid:84413551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550379)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.29.75.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550379/; classtype:trojan-activity;sid:84413479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550381/; classtype:trojan-activity;sid:84413481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550388)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550388/; classtype:trojan-activity;sid:84413488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550358)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.119.34.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550358/; classtype:trojan-activity;sid:84413458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550290/; classtype:trojan-activity;sid:84413390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550044)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550044/; classtype:trojan-activity;sid:84413144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550019)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550019/; classtype:trojan-activity;sid:84413119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550006)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550006/; classtype:trojan-activity;sid:84413106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549996)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549996/; classtype:trojan-activity;sid:84413096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.206.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549664/; classtype:trojan-activity;sid:84412764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549627/; classtype:trojan-activity;sid:84412727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549491)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.224.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549491/; classtype:trojan-activity;sid:84412591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.231.111.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3549155/; classtype:trojan-activity;sid:84412255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548756)"; flow:established,from_client; content:"GET"; http_method; content:"/rsrs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"upgradegc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548756/; classtype:trojan-activity;sid:84411856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.191.78.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548688/; classtype:trojan-activity;sid:84411788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548647)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548647/; classtype:trojan-activity;sid:84411747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548513)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.56.207.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548513/; classtype:trojan-activity;sid:84411613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548058)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/stikpille.psp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548058/; classtype:trojan-activity;sid:84411158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548057)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/qsllcxnogwi52.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548057/; classtype:trojan-activity;sid:84411157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548023/; classtype:trojan-activity;sid:84411123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548022)"; flow:established,from_client; content:"GET"; http_method; content:"/xtonyee2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548022/; classtype:trojan-activity;sid:84411122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548021)"; flow:established,from_client; content:"GET"; http_method; content:"/qwalphaqw.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548021/; classtype:trojan-activity;sid:84411121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548019)"; flow:established,from_client; content:"GET"; http_method; content:"/agodee.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548019/; classtype:trojan-activity;sid:84411119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548020)"; flow:established,from_client; content:"GET"; http_method; content:"/agodee2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548020/; classtype:trojan-activity;sid:84411120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548017)"; flow:established,from_client; content:"GET"; http_method; content:"/catee.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548017/; classtype:trojan-activity;sid:84411117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548015)"; flow:established,from_client; content:"GET"; http_method; content:"/acheck3.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548015/; classtype:trojan-activity;sid:84411115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548001)"; flow:established,from_client; content:"GET"; http_method; content:"/atata.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548001/; classtype:trojan-activity;sid:84411101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547798/; classtype:trojan-activity;sid:84410898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547784/; classtype:trojan-activity;sid:84410884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.98.176.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547420)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3547420/; classtype:trojan-activity;sid:84410520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546985)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.27.20.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546985/; classtype:trojan-activity;sid:84410085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.2.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_18; reference:url, urlhaus.abuse.ch/url/3546411/; classtype:trojan-activity;sid:84409511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.247.124.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545468/; classtype:trojan-activity;sid:84408568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.95.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545469/; classtype:trojan-activity;sid:84408569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.66.59.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545463/; classtype:trojan-activity;sid:84408563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545422)"; flow:established,from_client; content:"GET"; http_method; content:"/stag.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"profalsam.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545422/; classtype:trojan-activity;sid:84408522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545216)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/zip.log"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545216/; classtype:trojan-activity;sid:84408316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545217)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/tax.pdf"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545217/; classtype:trojan-activity;sid:84408317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545213)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txjyh.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545213/; classtype:trojan-activity;sid:84408313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544916)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bule.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"daviddarle.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544916/; classtype:trojan-activity;sid:84408016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544437/; classtype:trojan-activity;sid:84407537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544432)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.68.30.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544432/; classtype:trojan-activity;sid:84407532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544406)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.192.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544406/; classtype:trojan-activity;sid:84407506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544189)"; flow:established,from_client; content:"GET"; http_method; content:"/alphamm.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3544189/; classtype:trojan-activity;sid:84407289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"screen.connectprotocol.es"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3544014/; classtype:trojan-activity;sid:84407114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.229.224.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543400/; classtype:trojan-activity;sid:84406500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541854)"; flow:established,from_client; content:"GET"; http_method; content:"/obicrypttwo.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541854/; classtype:trojan-activity;sid:84404954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/giphy.gif"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"onfiltre.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541487)"; flow:established,from_client; content:"GET"; http_method; content:"/download/uninstall.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541487/; classtype:trojan-activity;sid:84404587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541486)"; flow:established,from_client; content:"GET"; http_method; content:"/download/quartz_uninstall.sh"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541486/; classtype:trojan-activity;sid:84404586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.63.149.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541432/; classtype:trojan-activity;sid:84404532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.192.232.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541418/; classtype:trojan-activity;sid:84404518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.77.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540517/; classtype:trojan-activity;sid:84403617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540254)"; flow:established,from_client; content:"GET"; http_method; content:"/21"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540254/; classtype:trojan-activity;sid:84403354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.51.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540217/; classtype:trojan-activity;sid:84403317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.190.58.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540186/; classtype:trojan-activity;sid:84403286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.52.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540188/; classtype:trojan-activity;sid:84403288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540164)"; flow:established,from_client; content:"GET"; http_method; content:"/tidesec/tscanplus/releases/download/v2.8.0/tscanclient_linux_amd64_v2.8.0.tar.gz"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540164/; classtype:trojan-activity;sid:84403264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.39.83.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539810/; classtype:trojan-activity;sid:84402910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.56.207.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539811/; classtype:trojan-activity;sid:84402911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539735)"; flow:established,from_client; content:"GET"; http_method; content:"/xostes.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.surethinks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539735/; classtype:trojan-activity;sid:84402835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539653)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539653/; classtype:trojan-activity;sid:84402753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbw.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539651/; classtype:trojan-activity;sid:84402751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539652)"; flow:established,from_client; content:"GET"; http_method; content:"/application.jar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539652/; classtype:trojan-activity;sid:84402752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539650)"; flow:established,from_client; content:"GET"; http_method; content:"/h2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539650/; classtype:trojan-activity;sid:84402750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539649)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539649/; classtype:trojan-activity;sid:84402749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539646)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539646/; classtype:trojan-activity;sid:84402746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539645)"; flow:established,from_client; content:"GET"; http_method; content:"/cpr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539645/; classtype:trojan-activity;sid:84402745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539644)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539644/; classtype:trojan-activity;sid:84402744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539643)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539643/; classtype:trojan-activity;sid:84402743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539640)"; flow:established,from_client; content:"GET"; http_method; content:"/lf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539640/; classtype:trojan-activity;sid:84402740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539641)"; flow:established,from_client; content:"GET"; http_method; content:"/ws.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539641/; classtype:trojan-activity;sid:84402741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539642)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539642/; classtype:trojan-activity;sid:84402742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539635)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539635/; classtype:trojan-activity;sid:84402735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539636)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539636/; classtype:trojan-activity;sid:84402736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539637)"; flow:established,from_client; content:"GET"; http_method; content:"/o.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539637/; classtype:trojan-activity;sid:84402737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539627)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539627/; classtype:trojan-activity;sid:84402727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539628)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539628/; classtype:trojan-activity;sid:84402728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539629)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539629/; classtype:trojan-activity;sid:84402729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539630)"; flow:established,from_client; content:"GET"; http_method; content:"/kn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539630/; classtype:trojan-activity;sid:84402730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539631)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539631/; classtype:trojan-activity;sid:84402731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539632)"; flow:established,from_client; content:"GET"; http_method; content:"/vm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539632/; classtype:trojan-activity;sid:84402732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539633)"; flow:established,from_client; content:"GET"; http_method; content:"/vml.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539633/; classtype:trojan-activity;sid:84402733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539634)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539634/; classtype:trojan-activity;sid:84402734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539620)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539620/; classtype:trojan-activity;sid:84402720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539621)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539621/; classtype:trojan-activity;sid:84402721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539622)"; flow:established,from_client; content:"GET"; http_method; content:"/scg.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539622/; classtype:trojan-activity;sid:84402722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539623)"; flow:established,from_client; content:"GET"; http_method; content:"/ge.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539623/; classtype:trojan-activity;sid:84402723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539624)"; flow:established,from_client; content:"GET"; http_method; content:"/pg2.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539624/; classtype:trojan-activity;sid:84402724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539616)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539616/; classtype:trojan-activity;sid:84402716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539617)"; flow:established,from_client; content:"GET"; http_method; content:"/unk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539617/; classtype:trojan-activity;sid:84402717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539618)"; flow:established,from_client; content:"GET"; http_method; content:"/ap.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539618/; classtype:trojan-activity;sid:84402718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539619)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539619/; classtype:trojan-activity;sid:84402719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539615)"; flow:established,from_client; content:"GET"; http_method; content:"/ci.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539615/; classtype:trojan-activity;sid:84402715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539614)"; flow:established,from_client; content:"GET"; http_method; content:"/wpf.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539614/; classtype:trojan-activity;sid:84402714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539605)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539605/; classtype:trojan-activity;sid:84402705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539606)"; flow:established,from_client; content:"GET"; http_method; content:"/tr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539606/; classtype:trojan-activity;sid:84402706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539607)"; flow:established,from_client; content:"GET"; http_method; content:"/al.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539607/; classtype:trojan-activity;sid:84402707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539608)"; flow:established,from_client; content:"GET"; http_method; content:"/an.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539608/; classtype:trojan-activity;sid:84402708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539609)"; flow:established,from_client; content:"GET"; http_method; content:"/s.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539609/; classtype:trojan-activity;sid:84402709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539610)"; flow:established,from_client; content:"GET"; http_method; content:"/j.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539610/; classtype:trojan-activity;sid:84402710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539611)"; flow:established,from_client; content:"GET"; http_method; content:"/mo.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539611/; classtype:trojan-activity;sid:84402711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539612)"; flow:established,from_client; content:"GET"; http_method; content:"/mi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539612/; classtype:trojan-activity;sid:84402712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539613)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539613/; classtype:trojan-activity;sid:84402713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539589)"; flow:established,from_client; content:"GET"; http_method; content:"/gi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539589/; classtype:trojan-activity;sid:84402689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539590)"; flow:established,from_client; content:"GET"; http_method; content:"/ku.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539590/; classtype:trojan-activity;sid:84402690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539591)"; flow:established,from_client; content:"GET"; http_method; content:"/h.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539591/; classtype:trojan-activity;sid:84402691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539592)"; flow:established,from_client; content:"GET"; http_method; content:"/n.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539592/; classtype:trojan-activity;sid:84402692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539593)"; flow:established,from_client; content:"GET"; http_method; content:"/lr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539593/; classtype:trojan-activity;sid:84402693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539594)"; flow:established,from_client; content:"GET"; http_method; content:"/ki.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539594/; classtype:trojan-activity;sid:84402694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539595)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539595/; classtype:trojan-activity;sid:84402695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539596)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539596/; classtype:trojan-activity;sid:84402696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539597)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539597/; classtype:trojan-activity;sid:84402697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539599)"; flow:established,from_client; content:"GET"; http_method; content:"/ni.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539599/; classtype:trojan-activity;sid:84402699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539600)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539600/; classtype:trojan-activity;sid:84402700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539601)"; flow:established,from_client; content:"GET"; http_method; content:"/rm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539601/; classtype:trojan-activity;sid:84402701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539602)"; flow:established,from_client; content:"GET"; http_method; content:"/gl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539602/; classtype:trojan-activity;sid:84402702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539603)"; flow:established,from_client; content:"GET"; http_method; content:"/tm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539603/; classtype:trojan-activity;sid:84402703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539604)"; flow:established,from_client; content:"GET"; http_method; content:"/do.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539604/; classtype:trojan-activity;sid:84402704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539577)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539577/; classtype:trojan-activity;sid:84402677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539578)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539578/; classtype:trojan-activity;sid:84402678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539579)"; flow:established,from_client; content:"GET"; http_method; content:"/tc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539579/; classtype:trojan-activity;sid:84402679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539580)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539580/; classtype:trojan-activity;sid:84402680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539581)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539581/; classtype:trojan-activity;sid:84402681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539582)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539582/; classtype:trojan-activity;sid:84402682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539583)"; flow:established,from_client; content:"GET"; http_method; content:"/md.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539583/; classtype:trojan-activity;sid:84402683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539584)"; flow:established,from_client; content:"GET"; http_method; content:"/py.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539584/; classtype:trojan-activity;sid:84402684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539585)"; flow:established,from_client; content:"GET"; http_method; content:"/spr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539585/; classtype:trojan-activity;sid:84402685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539586)"; flow:established,from_client; content:"GET"; http_method; content:"/st.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539586/; classtype:trojan-activity;sid:84402686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539587)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539587/; classtype:trojan-activity;sid:84402687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539588)"; flow:established,from_client; content:"GET"; http_method; content:"/pa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539588/; classtype:trojan-activity;sid:84402688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539576)"; flow:established,from_client; content:"GET"; http_method; content:"/m.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539576/; classtype:trojan-activity;sid:84402676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539575)"; flow:established,from_client; content:"GET"; http_method; content:"/rv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539575/; classtype:trojan-activity;sid:84402675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539574)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539574/; classtype:trojan-activity;sid:84402674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539571)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539571/; classtype:trojan-activity;sid:84402671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539572)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539572/; classtype:trojan-activity;sid:84402672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539573)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539573/; classtype:trojan-activity;sid:84402673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539569)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539569/; classtype:trojan-activity;sid:84402669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539570)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539570/; classtype:trojan-activity;sid:84402670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539568)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539568/; classtype:trojan-activity;sid:84402668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539471)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539471/; classtype:trojan-activity;sid:84402571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539455)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539455/; classtype:trojan-activity;sid:84402555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539297)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.190.58.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539297/; classtype:trojan-activity;sid:84402397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538762/; classtype:trojan-activity;sid:84401862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538754/; classtype:trojan-activity;sid:84401854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538737/; classtype:trojan-activity;sid:84401837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.210.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538671/; classtype:trojan-activity;sid:84401771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.39.83.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538263/; classtype:trojan-activity;sid:84401363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.170.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538213/; classtype:trojan-activity;sid:84401313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.147.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538190/; classtype:trojan-activity;sid:84401290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537744)"; flow:established,from_client; content:"GET"; http_method; content:"/dfffrf/dfdf/downloads/notificaci%c3%b3n_demanda_virtual_juzgado_09_de_circuito_de_bogot%c3%a1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537744/; classtype:trojan-activity;sid:84400844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537561)"; flow:established,from_client; content:"GET"; http_method; content:"/sansebas/sdsd/downloads/01citaci%c3%b3n_personal_demanda_virtual_juzgado_penal_de_circuito_de.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537561/; classtype:trojan-activity;sid:84400661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.193.233.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537516/; classtype:trojan-activity;sid:84400616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537001)"; flow:established,from_client; content:"GET"; http_method; content:"/386"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.200.207.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3537001/; classtype:trojan-activity;sid:84400101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536838)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.200.207.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536838/; classtype:trojan-activity;sid:84399938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.157.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536030/; classtype:trojan-activity;sid:84399130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.182.123.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536025/; classtype:trojan-activity;sid:84399125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"68.193.233.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3535881/; classtype:trojan-activity;sid:84398981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535453)"; flow:established,from_client; content:"GET"; http_method; content:"/4492/e569abd317d7e5f7a39d4af364fe6376/sorandaru2015.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535453/; classtype:trojan-activity;sid:84398553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535256/; classtype:trojan-activity;sid:84398356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535078)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.182.123.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535078/; classtype:trojan-activity;sid:84398178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534191/; classtype:trojan-activity;sid:84397291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.78.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533772/; classtype:trojan-activity;sid:84396872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533769/; classtype:trojan-activity;sid:84396869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533753/; classtype:trojan-activity;sid:84396853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532833/; classtype:trojan-activity;sid:84395933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.253.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532844/; classtype:trojan-activity;sid:84395944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532827/; classtype:trojan-activity;sid:84395927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532726)"; flow:established,from_client; content:"GET"; http_method; content:"/2294/7a43bb4cf6c57229b02a9604a1f4614e/skidmore1966.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532726/; classtype:trojan-activity;sid:84395826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531992/; classtype:trojan-activity;sid:84395092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531994/; classtype:trojan-activity;sid:84395094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.97.155.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531983/; classtype:trojan-activity;sid:84395083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.168.60.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531986/; classtype:trojan-activity;sid:84395086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531974/; classtype:trojan-activity;sid:84395074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531643/; classtype:trojan-activity;sid:84394743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531576)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.178.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531576/; classtype:trojan-activity;sid:84394676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531323)"; flow:established,from_client; content:"GET"; http_method; content:"/zc3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531323/; classtype:trojan-activity;sid:84394423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531322)"; flow:established,from_client; content:"GET"; http_method; content:"/zal.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531322/; classtype:trojan-activity;sid:84394422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531321)"; flow:established,from_client; content:"GET"; http_method; content:"/xpt.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531321/; classtype:trojan-activity;sid:84394421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.51.100.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530894/; classtype:trojan-activity;sid:84393994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530891/; classtype:trojan-activity;sid:84393991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530868/; classtype:trojan-activity;sid:84393968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530870/; classtype:trojan-activity;sid:84393970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530776)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"4393eb8c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530776/; classtype:trojan-activity;sid:84393876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530262)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.153.97.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530262/; classtype:trojan-activity;sid:84393362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530250/; classtype:trojan-activity;sid:84393350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530244/; classtype:trojan-activity;sid:84393344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530241/; classtype:trojan-activity;sid:84393341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.180.241.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530192/; classtype:trojan-activity;sid:84393292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530184/; classtype:trojan-activity;sid:84393284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530168)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530168/; classtype:trojan-activity;sid:84393268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.154.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530163/; classtype:trojan-activity;sid:84393263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530015)"; flow:established,from_client; content:"GET"; http_method; content:"/pocz/new_image.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"glaustralia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530015/; classtype:trojan-activity;sid:84393115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529934/; classtype:trojan-activity;sid:84393034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529927)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.128.239.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529927/; classtype:trojan-activity;sid:84393027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529929/; classtype:trojan-activity;sid:84393029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529930/; classtype:trojan-activity;sid:84393030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529922)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529922/; classtype:trojan-activity;sid:84393022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529907/; classtype:trojan-activity;sid:84393007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529891/; classtype:trojan-activity;sid:84392991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529895)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.252.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529895/; classtype:trojan-activity;sid:84392995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529897)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.97.155.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529897/; classtype:trojan-activity;sid:84392997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.127.101.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529881/; classtype:trojan-activity;sid:84392981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529882/; classtype:trojan-activity;sid:84392982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.153.244.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529490/; classtype:trojan-activity;sid:84392590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528246)"; flow:established,from_client; content:"GET"; http_method; content:"/mon.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.53.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528246/; classtype:trojan-activity;sid:84391346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528179)"; flow:established,from_client; content:"GET"; http_method; content:"/peizhi/yh02/csr.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.93.208.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528179/; classtype:trojan-activity;sid:84391279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528176)"; flow:established,from_client; content:"GET"; http_method; content:"/client.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.147.34.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528176/; classtype:trojan-activity;sid:84391276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528167)"; flow:established,from_client; content:"GET"; http_method; content:"/firmware/ts2_0001.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.170.254.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528167/; classtype:trojan-activity;sid:84391267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528156)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/vcruntime140.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528156/; classtype:trojan-activity;sid:84391256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528090)"; flow:established,from_client; content:"GET"; http_method; content:"/warible82/miner/raw/main/minerbtc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528090/; classtype:trojan-activity;sid:84391190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.124.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527875/; classtype:trojan-activity;sid:84390975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527866/; classtype:trojan-activity;sid:84390966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.240.130.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527841/; classtype:trojan-activity;sid:84390941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.47.94.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527848/; classtype:trojan-activity;sid:84390948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.181.234.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527850/; classtype:trojan-activity;sid:84390950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.144.173.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527851/; classtype:trojan-activity;sid:84390951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.90.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527855/; classtype:trojan-activity;sid:84390955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.31.165.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527835/; classtype:trojan-activity;sid:84390935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527836/; classtype:trojan-activity;sid:84390936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527254)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.31.165.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527254/; classtype:trojan-activity;sid:84390354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.48.126.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526874/; classtype:trojan-activity;sid:84389974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.12.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526868/; classtype:trojan-activity;sid:84389968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.117.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526869/; classtype:trojan-activity;sid:84389969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.23.169.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526865/; classtype:trojan-activity;sid:84389965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526834/; classtype:trojan-activity;sid:84389934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526857/; classtype:trojan-activity;sid:84389957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.114.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526828/; classtype:trojan-activity;sid:84389928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525788)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.124.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525788/; classtype:trojan-activity;sid:84388888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.47.94.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525781/; classtype:trojan-activity;sid:84388881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.239.8.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525783/; classtype:trojan-activity;sid:84388883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525776/; classtype:trojan-activity;sid:84388876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.95.183.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525778/; classtype:trojan-activity;sid:84388878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525748)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.76.211.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525748/; classtype:trojan-activity;sid:84388848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525743)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.166.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525743/; classtype:trojan-activity;sid:84388843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525738)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525738/; classtype:trojan-activity;sid:84388838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.240.130.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525728/; classtype:trojan-activity;sid:84388828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525731)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.181.234.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525731/; classtype:trojan-activity;sid:84388831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.90.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525679/; classtype:trojan-activity;sid:84388779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525617)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.28.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525617/; classtype:trojan-activity;sid:84388717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525518/; classtype:trojan-activity;sid:84388618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.168.60.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525291/; classtype:trojan-activity;sid:84388391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525238)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.41.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525238/; classtype:trojan-activity;sid:84388338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.110.37.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525151/; classtype:trojan-activity;sid:84388251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525009/; classtype:trojan-activity;sid:84388109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524808)"; flow:established,from_client; content:"GET"; http_method; content:"/teddysun/across/raw/master/bbr.sh"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524808/; classtype:trojan-activity;sid:84387908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524779)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524779/; classtype:trojan-activity;sid:84387879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523718)"; flow:established,from_client; content:"GET"; http_method; content:"/10/del.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523718/; classtype:trojan-activity;sid:84386818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523710)"; flow:established,from_client; content:"GET"; http_method; content:"/10/wwlib.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523710/; classtype:trojan-activity;sid:84386810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523696)"; flow:established,from_client; content:"GET"; http_method; content:"/10/ok.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523696/; classtype:trojan-activity;sid:84386796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523704)"; flow:established,from_client; content:"GET"; http_method; content:"/10/king.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523704/; classtype:trojan-activity;sid:84386804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523682)"; flow:established,from_client; content:"GET"; http_method; content:"/exclusions.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523682/; classtype:trojan-activity;sid:84386782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; classtype:trojan-activity;sid:84385976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.238.213.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522158/; classtype:trojan-activity;sid:84385258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521407/; classtype:trojan-activity;sid:84384507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521377/; classtype:trojan-activity;sid:84384477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521378/; classtype:trojan-activity;sid:84384478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521360/; classtype:trojan-activity;sid:84384460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521338)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521338/; classtype:trojan-activity;sid:84384438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521335)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521335/; classtype:trojan-activity;sid:84384435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521316)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521316/; classtype:trojan-activity;sid:84384416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521312)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521312/; classtype:trojan-activity;sid:84384412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520923/; classtype:trojan-activity;sid:84384023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.226.241.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520075)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.55.206.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520075/; classtype:trojan-activity;sid:84383175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520071)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.156.141.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520071/; classtype:trojan-activity;sid:84383171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.63.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519608/; classtype:trojan-activity;sid:84382708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519563/; classtype:trojan-activity;sid:84382663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519542)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519542/; classtype:trojan-activity;sid:84382642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519526)"; flow:established,from_client; content:"GET"; http_method; content:"/8290189a-044c-494d-9957-5b2e993ca180/rqago1.dll|3f|v=1726322804507"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519526/; classtype:trojan-activity;sid:84382626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519523)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest10.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519523/; classtype:trojan-activity;sid:84382623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519521)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest14.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519521/; classtype:trojan-activity;sid:84382621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519514)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest12.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519514/; classtype:trojan-activity;sid:84382614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519515)"; flow:established,from_client; content:"GET"; http_method; content:"/test4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519515/; classtype:trojan-activity;sid:84382615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519512)"; flow:established,from_client; content:"GET"; http_method; content:"/982c7448-1ad7-4095-83b6-e629e3bc0060/protecxds.dll|3f|v=1738043025857"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519512/; classtype:trojan-activity;sid:84382612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519503)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/autoupdate.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jxhuyhoang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519503/; classtype:trojan-activity;sid:84382603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519488)"; flow:established,from_client; content:"GET"; http_method; content:"/snake/hack3.6.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dangtienluc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519488/; classtype:trojan-activity;sid:84382588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519491)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"openaigrok.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519491/; classtype:trojan-activity;sid:84382591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519493)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest24.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519493/; classtype:trojan-activity;sid:84382593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519479)"; flow:established,from_client; content:"GET"; http_method; content:"/eric.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"52575815-38-20200406120634.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519479/; classtype:trojan-activity;sid:84382579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519478)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519478/; classtype:trojan-activity;sid:84382578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519463)"; flow:established,from_client; content:"GET"; http_method; content:"/snake/bypassldplayer.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dangtienluc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519463/; classtype:trojan-activity;sid:84382563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519458)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest38.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519458/; classtype:trojan-activity;sid:84382558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519456)"; flow:established,from_client; content:"GET"; http_method; content:"/test9.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519456/; classtype:trojan-activity;sid:84382556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519454)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519454/; classtype:trojan-activity;sid:84382554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519449)"; flow:established,from_client; content:"GET"; http_method; content:"/testwindow.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519449/; classtype:trojan-activity;sid:84382549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519444)"; flow:established,from_client; content:"GET"; http_method; content:"/client/pap46eiukz.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scan-echo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519444/; classtype:trojan-activity;sid:84382544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/doitallmain.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519430)"; flow:established,from_client; content:"GET"; http_method; content:"/test6.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519430/; classtype:trojan-activity;sid:84382530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519436)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"update.volamthientu.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519436/; classtype:trojan-activity;sid:84382536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519425)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest31.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519425/; classtype:trojan-activity;sid:84382525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519420)"; flow:established,from_client; content:"GET"; http_method; content:"/testdumpall.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519420/; classtype:trojan-activity;sid:84382520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519421)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519421/; classtype:trojan-activity;sid:84382521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519418)"; flow:established,from_client; content:"GET"; http_method; content:"/2b1c3a75-8370-45e6-b5d6-c93c5b0ae5f9/sun.dll|3f|v=1731154698549"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519418/; classtype:trojan-activity;sid:84382518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519419)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519419/; classtype:trojan-activity;sid:84382519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519416)"; flow:established,from_client; content:"GET"; http_method; content:"/filea.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519416/; classtype:trojan-activity;sid:84382516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519410)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519410/; classtype:trojan-activity;sid:84382510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/updater.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519388)"; flow:established,from_client; content:"GET"; http_method; content:"/74002823-d235-4cf1-ba34-36967b91f68e/deku_x_cheat.dll|3f|v=1718323411486"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519388/; classtype:trojan-activity;sid:84382488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519389)"; flow:established,from_client; content:"GET"; http_method; content:"/cfxre.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519389/; classtype:trojan-activity;sid:84382489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519380)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest36.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519380/; classtype:trojan-activity;sid:84382480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519376)"; flow:established,from_client; content:"GET"; http_method; content:"/eric.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"52575815-38-20200406120634.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519376/; classtype:trojan-activity;sid:84382476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519378)"; flow:established,from_client; content:"GET"; http_method; content:"/test5.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519378/; classtype:trojan-activity;sid:84382478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519374)"; flow:established,from_client; content:"GET"; http_method; content:"/tingpong.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"windatem.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519374/; classtype:trojan-activity;sid:84382474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519358)"; flow:established,from_client; content:"GET"; http_method; content:"/2d3333b8-ad4b-4dc3-bf9d-3a63fe75f3d4/joyst_x_cheat.dll|3f|v=1724911424197"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519358/; classtype:trojan-activity;sid:84382458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519346)"; flow:established,from_client; content:"GET"; http_method; content:"/test7.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519346/; classtype:trojan-activity;sid:84382446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519347)"; flow:established,from_client; content:"GET"; http_method; content:"/test8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519347/; classtype:trojan-activity;sid:84382447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519348)"; flow:established,from_client; content:"GET"; http_method; content:"/test1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519348/; classtype:trojan-activity;sid:84382448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519349)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest35.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519349/; classtype:trojan-activity;sid:84382449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519084)"; flow:established,from_client; content:"GET"; http_method; content:"/airportbeta/files/foam.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"neirong.funshion.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519084/; classtype:trojan-activity;sid:84382184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519030)"; flow:established,from_client; content:"GET"; http_method; content:"/images/tp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"42.194.150.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519030/; classtype:trojan-activity;sid:84382130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; content:"GET"; http_method; content:"/uniondown/haozip_tiny.201805.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519029)"; flow:established,from_client; content:"GET"; http_method; content:"/client/update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.91.133.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519029/; classtype:trojan-activity;sid:84382129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519024)"; flow:established,from_client; content:"GET"; http_method; content:"/farmerok/telegram-remote-control-pc/raw/refs/heads/main/updater/update.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519024/; classtype:trojan-activity;sid:84382124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/public_file/relogintool.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.238.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519021/; classtype:trojan-activity;sid:84382121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519011)"; flow:established,from_client; content:"GET"; http_method; content:"/thegreen444/ffxfilesxdlls/raw/refs/heads/main/thegreen.dll"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519011/; classtype:trojan-activity;sid:84382111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519012)"; flow:established,from_client; content:"GET"; http_method; content:"/boyo3473/irack/releases/download/idk/load.driver.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519012/; classtype:trojan-activity;sid:84382112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; content:"GET"; http_method; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"157.185.170.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519010)"; flow:established,from_client; content:"GET"; http_method; content:"/all/software/bmw/software/coding/bmw-fsc-nbt/tools/swid_reader.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"213.16.62.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519010/; classtype:trojan-activity;sid:84382110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_19; reference:url, urlhaus.abuse.ch/url/3518308/; classtype:trojan-activity;sid:84381408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517053/; classtype:trojan-activity;sid:84380153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.191.156.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516130/; classtype:trojan-activity;sid:84379230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516107)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516107/; classtype:trojan-activity;sid:84379207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.67.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516021/; classtype:trojan-activity;sid:84379121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516004)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516004/; classtype:trojan-activity;sid:84379104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515984)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.229.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515984/; classtype:trojan-activity;sid:84379084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515978)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.64.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515978/; classtype:trojan-activity;sid:84379078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515982)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.163.81.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515982/; classtype:trojan-activity;sid:84379082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.21.172.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515966/; classtype:trojan-activity;sid:84379066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515964)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.96.13.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515964/; classtype:trojan-activity;sid:84379064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515947)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515947/; classtype:trojan-activity;sid:84379047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515937)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515937/; classtype:trojan-activity;sid:84379037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.254.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515938/; classtype:trojan-activity;sid:84379038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515929)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.74.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515929/; classtype:trojan-activity;sid:84379029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.155.195.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515908/; classtype:trojan-activity;sid:84379008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514528)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfghjkl/frp.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.187.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514528/; classtype:trojan-activity;sid:84377628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.85.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513504/; classtype:trojan-activity;sid:84376604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"192.159.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513248/; classtype:trojan-activity;sid:84376348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513186/; classtype:trojan-activity;sid:84376286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513183/; classtype:trojan-activity;sid:84376283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.242.103.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511995/; classtype:trojan-activity;sid:84375095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511783)"; flow:established,from_client; content:"GET"; http_method; content:"/ghdsdcbn124.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.khavar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511783/; classtype:trojan-activity;sid:84374883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511286)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.91.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3511286/; classtype:trojan-activity;sid:84374386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.25.8.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510839/; classtype:trojan-activity;sid:84373939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510726)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510726/; classtype:trojan-activity;sid:84373826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510727/; classtype:trojan-activity;sid:84373827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510724)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510724/; classtype:trojan-activity;sid:84373824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510725/; classtype:trojan-activity;sid:84373825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510721/; classtype:trojan-activity;sid:84373821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510722)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510722/; classtype:trojan-activity;sid:84373822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510723/; classtype:trojan-activity;sid:84373823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510718/; classtype:trojan-activity;sid:84373818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510712)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510712/; classtype:trojan-activity;sid:84373812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510713)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510713/; classtype:trojan-activity;sid:84373813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510714)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510714/; classtype:trojan-activity;sid:84373814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510715)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510715/; classtype:trojan-activity;sid:84373815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510716)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510716/; classtype:trojan-activity;sid:84373816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509879)"; flow:established,from_client; content:"GET"; http_method; content:"/uelenka/supreme-spork/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509879/; classtype:trojan-activity;sid:84372979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxprotectech.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509583/; classtype:trojan-activity;sid:84372683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardwave.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509585/; classtype:trojan-activity;sid:84372685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxshieldcore.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509586/; classtype:trojan-activity;sid:84372686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcryptorix.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509588/; classtype:trojan-activity;sid:84372688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxarmorcrypt.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509589/; classtype:trojan-activity;sid:84372689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardify.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509590/; classtype:trojan-activity;sid:84372690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberedge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509574/; classtype:trojan-activity;sid:84372674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3508860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.59.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_12; reference:url, urlhaus.abuse.ch/url/3508860/; classtype:trojan-activity;sid:84371960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507474)"; flow:established,from_client; content:"GET"; http_method; content:"/kibnakamoto/mimikatz/main/mimikatz.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507474/; classtype:trojan-activity;sid:84370574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507456/; classtype:trojan-activity;sid:84370556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506999)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/feishu.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506999/; classtype:trojan-activity;sid:84370099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506996)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/pcre.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506996/; classtype:trojan-activity;sid:84370096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506997)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/glib-2.0.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506997/; classtype:trojan-activity;sid:84370097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506998)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/intl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506998/; classtype:trojan-activity;sid:84370098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506993)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/hei.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506993/; classtype:trojan-activity;sid:84370093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506991)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/gmodule-2.0.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506991/; classtype:trojan-activity;sid:84370091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506992)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/vcruntime140_1.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506992/; classtype:trojan-activity;sid:84370092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506386)"; flow:established,from_client; content:"GET"; http_method; content:"/mosseve/reverbed/releases/download/3.8.8/reverbed.v3.8.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506386/; classtype:trojan-activity;sid:84369486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.40.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505645/; classtype:trojan-activity;sid:84368745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505506)"; flow:established,from_client; content:"GET"; http_method; content:"/makeewyk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505506/; classtype:trojan-activity;sid:84368606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505504)"; flow:established,from_client; content:"GET"; http_method; content:"/uulyorik.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505504/; classtype:trojan-activity;sid:84368604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505502)"; flow:established,from_client; content:"GET"; http_method; content:"/pmlqrjin.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505502/; classtype:trojan-activity;sid:84368602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505422)"; flow:established,from_client; content:"GET"; http_method; content:"/jaime00marulanda/yt-audio-api/releases/download/v2.6.9/yt-audio-api_v2.6.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505422/; classtype:trojan-activity;sid:84368522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505418)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505418/; classtype:trojan-activity;sid:84368518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505393)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505393/; classtype:trojan-activity;sid:84368493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505394)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505394/; classtype:trojan-activity;sid:84368494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505395)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505395/; classtype:trojan-activity;sid:84368495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505396)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v2.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505396/; classtype:trojan-activity;sid:84368496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505398)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505398/; classtype:trojan-activity;sid:84368498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505399)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505399/; classtype:trojan-activity;sid:84368499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505400)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505400/; classtype:trojan-activity;sid:84368500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505401)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505401/; classtype:trojan-activity;sid:84368501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505402)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505402/; classtype:trojan-activity;sid:84368502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505403)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505403/; classtype:trojan-activity;sid:84368503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505404)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505404/; classtype:trojan-activity;sid:84368504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505406)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505406/; classtype:trojan-activity;sid:84368506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505407)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505407/; classtype:trojan-activity;sid:84368507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505408)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505408/; classtype:trojan-activity;sid:84368508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505409)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505409/; classtype:trojan-activity;sid:84368509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505410)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505410/; classtype:trojan-activity;sid:84368510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505411)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505411/; classtype:trojan-activity;sid:84368511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505412)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505412/; classtype:trojan-activity;sid:84368512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505413)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505413/; classtype:trojan-activity;sid:84368513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505414)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505414/; classtype:trojan-activity;sid:84368514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505415)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505415/; classtype:trojan-activity;sid:84368515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505416)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505416/; classtype:trojan-activity;sid:84368516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505417)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v2.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505417/; classtype:trojan-activity;sid:84368517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505384)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505384/; classtype:trojan-activity;sid:84368484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505385)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505385/; classtype:trojan-activity;sid:84368485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505376)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505376/; classtype:trojan-activity;sid:84368476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505378)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505378/; classtype:trojan-activity;sid:84368478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505379)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505379/; classtype:trojan-activity;sid:84368479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505380)"; flow:established,from_client; content:"GET"; http_method; content:"/asdhasdasj/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505380/; classtype:trojan-activity;sid:84368480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505381)"; flow:established,from_client; content:"GET"; http_method; content:"/asdhasdasj/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505381/; classtype:trojan-activity;sid:84368481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505342)"; flow:established,from_client; content:"GET"; http_method; content:"/quyw/microphonefixer/releases/download/v3.0.8-beta.4/microphonefixer.v3.0.8-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505342/; classtype:trojan-activity;sid:84368442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505336)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505336/; classtype:trojan-activity;sid:84368436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505325)"; flow:established,from_client; content:"GET"; http_method; content:"/lucaspb833/ytmpx/releases/download/1.3.4/ytmpx-1.3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505325/; classtype:trojan-activity;sid:84368425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505326)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505326/; classtype:trojan-activity;sid:84368426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505327)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/glassful/social-media-downloader-glassful"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505327/; classtype:trojan-activity;sid:84368427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505328)"; flow:established,from_client; content:"GET"; http_method; content:"/vignesh5229/yt-blaze/releases/download/1.9.1-beta.4/yt-blaze-1.9.1-beta.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505328/; classtype:trojan-activity;sid:84368428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505329)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505329/; classtype:trojan-activity;sid:84368429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505332)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/v1.8.0/social-media-downloader-v1.8.0"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505332/; classtype:trojan-activity;sid:84368432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505321)"; flow:established,from_client; content:"GET"; http_method; content:"/sahuamol/ummy-video-downloader-free/releases/download/1.9.1/ummy-video-downloader-free-1.9.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505321/; classtype:trojan-activity;sid:84368421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505249)"; flow:established,from_client; content:"GET"; http_method; content:"/goodlogs.doc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.150.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505249/; classtype:trojan-activity;sid:84368349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505097/; classtype:trojan-activity;sid:84368197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505073/; classtype:trojan-activity;sid:84368173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505074/; classtype:trojan-activity;sid:84368174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504870)"; flow:established,from_client; content:"GET"; http_method; content:"/public/upload/files/l.sh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.104.161.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3504870/; classtype:trojan-activity;sid:84367970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.58.85.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504716/; classtype:trojan-activity;sid:84367816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.244.41.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504717/; classtype:trojan-activity;sid:84367817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.60.216.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503677/; classtype:trojan-activity;sid:84366777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503668)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.95.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503668/; classtype:trojan-activity;sid:84366768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.117.61.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502746/; classtype:trojan-activity;sid:84365846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.214.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502701/; classtype:trojan-activity;sid:84365801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502654/; classtype:trojan-activity;sid:84365754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501608)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"35.137.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501608/; classtype:trojan-activity;sid:84364708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.173.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500726/; classtype:trojan-activity;sid:84363826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499996)"; flow:established,from_client; content:"GET"; http_method; content:"/bahaaaymen/chapito/releases/download/v3.3.6/stay.out.firewind.v1.8.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499996/; classtype:trojan-activity;sid:84363096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499995)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvanogammer/apex-no-recoil/releases/download/v1.8.4-beta.4/apex-no-recoil-v1.8.4-beta.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499995/; classtype:trojan-activity;sid:84363095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxironvault.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499800/; classtype:trojan-activity;sid:84362900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxphantomlock.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499801/; classtype:trojan-activity;sid:84362901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498069)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/1.8.9/hackinggpt-1.8.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498069/; classtype:trojan-activity;sid:84361169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498071)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.1/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498071/; classtype:trojan-activity;sid:84361171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498072)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.1/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498072/; classtype:trojan-activity;sid:84361172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498073)"; flow:established,from_client; content:"GET"; http_method; content:"/rippez/wordkeeper/releases/download/caseharden/release.caseharden.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498073/; classtype:trojan-activity;sid:84361173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498074)"; flow:established,from_client; content:"GET"; http_method; content:"/alesti19/driver-booster-pro-installer-2025/releases/download/3.5.4/driver-booster-pro-installer-2025-3.5.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498074/; classtype:trojan-activity;sid:84361174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498075)"; flow:established,from_client; content:"GET"; http_method; content:"/quangne123/imazing-crack-download/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498075/; classtype:trojan-activity;sid:84361175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498077)"; flow:established,from_client; content:"GET"; http_method; content:"/gsrajput08/rewitte.jlgradmap/releases/download/v1.1/soft.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498077/; classtype:trojan-activity;sid:84361177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498078)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8bdba457c18cf692a95fe2ec67000b/vulkancooperativematrixattention/releases/download/v2.0/software.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498078/; classtype:trojan-activity;sid:84361178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498062)"; flow:established,from_client; content:"GET"; http_method; content:"/adil1958p/instagram-followers-booster-v2.4.5/releases/download/v1.3.6/instagram-followers-booster-v2.4.5-v1.3.6.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498062/; classtype:trojan-activity;sid:84361162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498064)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498064/; classtype:trojan-activity;sid:84361164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498065)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498065/; classtype:trojan-activity;sid:84361165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498066)"; flow:established,from_client; content:"GET"; http_method; content:"/madureira20/pixtrail/releases/download/3.3.3/pixtrail-3.3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498066/; classtype:trojan-activity;sid:84361166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498055)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/crowned/hackinggpt-crowned.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498055/; classtype:trojan-activity;sid:84361155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498058)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.1/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498058/; classtype:trojan-activity;sid:84361158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498059)"; flow:established,from_client; content:"GET"; http_method; content:"/julia2806/stock-watch/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498059/; classtype:trojan-activity;sid:84361159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498044)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498044/; classtype:trojan-activity;sid:84361144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498048)"; flow:established,from_client; content:"GET"; http_method; content:"/gsrajput08/rewitte.jlgradmap/releases/download/v1.2/soft.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498048/; classtype:trojan-activity;sid:84361148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498052)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.2/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498052/; classtype:trojan-activity;sid:84361152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498054)"; flow:established,from_client; content:"GET"; http_method; content:"/nazaastore/abacus2api/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498054/; classtype:trojan-activity;sid:84361154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498029)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.2/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498029/; classtype:trojan-activity;sid:84361129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498030)"; flow:established,from_client; content:"GET"; http_method; content:"/x4lex19o/vue3-crypto-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498030/; classtype:trojan-activity;sid:84361130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498031)"; flow:established,from_client; content:"GET"; http_method; content:"/clemmrobl/capture-one-pro-free/releases/download/1.1.2/capture-one-pro-free-1.1.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498031/; classtype:trojan-activity;sid:84361131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498032)"; flow:established,from_client; content:"GET"; http_method; content:"/computoki/e/releases/download/v1.0/software.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498032/; classtype:trojan-activity;sid:84361132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498035)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoolferxa98/solanaj/releases/download/1.9.4-alpha.2/solanaj-v1.9.4-alpha.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498035/; classtype:trojan-activity;sid:84361135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; classtype:trojan-activity;sid:84361136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498040)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.2/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498040/; classtype:trojan-activity;sid:84361140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498041)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498041/; classtype:trojan-activity;sid:84361141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498043)"; flow:established,from_client; content:"GET"; http_method; content:"/quangne123/imazing-crack-download/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498043/; classtype:trojan-activity;sid:84361143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498021)"; flow:established,from_client; content:"GET"; http_method; content:"/yunduwa22/global-mapper-download/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498021/; classtype:trojan-activity;sid:84361121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498020)"; flow:established,from_client; content:"GET"; http_method; content:"/tradespherex8777/plum-amazing-iwatermark-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498020/; classtype:trojan-activity;sid:84361120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498019)"; flow:established,from_client; content:"GET"; http_method; content:"/tradespherex8777/plum-amazing-iwatermark-pro-download/releases/download/v1.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498019/; classtype:trojan-activity;sid:84361119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497914)"; flow:established,from_client; content:"GET"; http_method; content:"/pirlokipngeno/crackftp/releases/download/3.5.4/crackftp-3.5.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497914/; classtype:trojan-activity;sid:84361014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497912)"; flow:established,from_client; content:"GET"; http_method; content:"/hubertvv/venomcontrol-rat-crack-source/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497912/; classtype:trojan-activity;sid:84361012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497913)"; flow:established,from_client; content:"GET"; http_method; content:"/kinayeeasd/wpcracker/releases/download/2.0.7-beta.4/wpcracker.2.0.7-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497913/; classtype:trojan-activity;sid:84361013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497910)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497910/; classtype:trojan-activity;sid:84361010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497906)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497906/; classtype:trojan-activity;sid:84361006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497907)"; flow:established,from_client; content:"GET"; http_method; content:"/rockfort73/global-mapper-download/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497907/; classtype:trojan-activity;sid:84361007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497908)"; flow:established,from_client; content:"GET"; http_method; content:"/bro123con/alien-crypter-crack-source-code-net-native/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497908/; classtype:trojan-activity;sid:84361008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497898)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497898/; classtype:trojan-activity;sid:84360998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497899)"; flow:established,from_client; content:"GET"; http_method; content:"/bro123con/alien-crypter-crack-source-code-net-native/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497899/; classtype:trojan-activity;sid:84360999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497900)"; flow:established,from_client; content:"GET"; http_method; content:"/hubertvv/venomcontrol-rat-crack-source/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497900/; classtype:trojan-activity;sid:84361000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497901)"; flow:established,from_client; content:"GET"; http_method; content:"/rockfort73/global-mapper-download/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497901/; classtype:trojan-activity;sid:84361001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497903)"; flow:established,from_client; content:"GET"; http_method; content:"/stmdinogod/winrar-password-cracker-tool/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497903/; classtype:trojan-activity;sid:84361003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497905)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497905/; classtype:trojan-activity;sid:84361005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497893)"; flow:established,from_client; content:"GET"; http_method; content:"/agent-piss/stellar-data-recovery-pro-free/releases/download/v1.4.8/stellar.moonlight.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497893/; classtype:trojan-activity;sid:84360993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497894)"; flow:established,from_client; content:"GET"; http_method; content:"/ahiuit/keyword-researcher-pro-free/releases/download/3.8.9/keywordresearcherprofree-3.8.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497894/; classtype:trojan-activity;sid:84360994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497895)"; flow:established,from_client; content:"GET"; http_method; content:"/rauroh/avs-video-editor-free/releases/download/1.3.1/avs.video.editor.free.v1.3.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497895/; classtype:trojan-activity;sid:84360995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497891)"; flow:established,from_client; content:"GET"; http_method; content:"/helloworld-89/figma-free-crack/releases/download/2.8.5-alpha.1/figma-free-crack-2.8.5-alpha.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497891/; classtype:trojan-activity;sid:84360991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497890)"; flow:established,from_client; content:"GET"; http_method; content:"/acemardri1/ashampoo-burning-studio-crack/releases/download/1.1.4/ashampoo.burning.bliss.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497890/; classtype:trojan-activity;sid:84360990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497885)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v2.3.0/crackftp.v2.3.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497885/; classtype:trojan-activity;sid:84360985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497878)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v3.4.5/release.v3.4.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497878/; classtype:trojan-activity;sid:84360978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497873)"; flow:established,from_client; content:"GET"; http_method; content:"/jewonsan/dvd-cloner_crack/releases/download/v3.3.4/dvd-cloner_crack_v3.3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497873/; classtype:trojan-activity;sid:84360973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497872)"; flow:established,from_client; content:"GET"; http_method; content:"/tisha466/stardock_groupy_crack/releases/download/1.7.2/release.1.7.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497872/; classtype:trojan-activity;sid:84360972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497868)"; flow:established,from_client; content:"GET"; http_method; content:"/maykolingui/miside-cheat/releases/download/v2.1.7/miside-cheat-v2.1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497868/; classtype:trojan-activity;sid:84360968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497857)"; flow:established,from_client; content:"GET"; http_method; content:"/tono1946/manageengine-desktop-central-crack/releases/download/v1.4.2/manageengine-desktop-central-crack-v1.4.2.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497857/; classtype:trojan-activity;sid:84360957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497823)"; flow:established,from_client; content:"GET"; http_method; content:"/unlimxts2/password-manager-intermediate/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497823/; classtype:trojan-activity;sid:84360923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497824)"; flow:established,from_client; content:"GET"; http_method; content:"/neverluckz/stack-back/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497824/; classtype:trojan-activity;sid:84360924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497820)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497820/; classtype:trojan-activity;sid:84360920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497817)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497817/; classtype:trojan-activity;sid:84360917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497818)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497818/; classtype:trojan-activity;sid:84360918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497819)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497819/; classtype:trojan-activity;sid:84360919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497808)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497808/; classtype:trojan-activity;sid:84360908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497809)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497809/; classtype:trojan-activity;sid:84360909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497810)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497810/; classtype:trojan-activity;sid:84360910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497811)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497811/; classtype:trojan-activity;sid:84360911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497806)"; flow:established,from_client; content:"GET"; http_method; content:"/dragon271320/test-audit/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497806/; classtype:trojan-activity;sid:84360906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497798)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497798/; classtype:trojan-activity;sid:84360898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497794)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497794/; classtype:trojan-activity;sid:84360894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497791)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497791/; classtype:trojan-activity;sid:84360891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497790)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v1.0/soft.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497790/; classtype:trojan-activity;sid:84360890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497786)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497786/; classtype:trojan-activity;sid:84360886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497782)"; flow:established,from_client; content:"GET"; http_method; content:"/panozkaiscool/guard-clauses/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497782/; classtype:trojan-activity;sid:84360882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497783)"; flow:established,from_client; content:"GET"; http_method; content:"/indiizza/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497783/; classtype:trojan-activity;sid:84360883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497775)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497775/; classtype:trojan-activity;sid:84360875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497769)"; flow:established,from_client; content:"GET"; http_method; content:"/tuliodrx/ovh-ddos/releases/download/2.5.6/ovh-ddos-2.5.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497769/; classtype:trojan-activity;sid:84360869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497766)"; flow:established,from_client; content:"GET"; http_method; content:"/trunghiuu08/pc-health-advisor/releases/download/3.5.4/pc.health.advisor.3.5.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497766/; classtype:trojan-activity;sid:84360866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497761)"; flow:established,from_client; content:"GET"; http_method; content:"/simplefastfunnels254/tg-cybersec/releases/download/v2.7.1/tg-cybersec-v2.7.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497761/; classtype:trojan-activity;sid:84360861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497760)"; flow:established,from_client; content:"GET"; http_method; content:"/ykn1/dishost/releases/download/1.3.8/dishost.1.3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497760/; classtype:trojan-activity;sid:84360860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497755)"; flow:established,from_client; content:"GET"; http_method; content:"/uruguayopr/sword-art-online-fractured-daydream-cheat/releases/download/3.9.3/sword.art.online.fractured.daydream.cheat.v3.9.3.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497755/; classtype:trojan-activity;sid:84360855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497754)"; flow:established,from_client; content:"GET"; http_method; content:"/cxavi10/ddos-protection/releases/download/uncork/ddos-protection-uncork.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497754/; classtype:trojan-activity;sid:84360854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497750)"; flow:established,from_client; content:"GET"; http_method; content:"/reflx-dot/api-pentesting-tools/releases/download/macrogamete/api.pentesting.tools.macrogamete.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497750/; classtype:trojan-activity;sid:84360850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497749)"; flow:established,from_client; content:"GET"; http_method; content:"/sinoyj00/strongvpn/releases/download/pseudobrotherly/strongvpn_pseudobrotherly.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497749/; classtype:trojan-activity;sid:84360849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497748)"; flow:established,from_client; content:"GET"; http_method; content:"/folcon92/brutecheker/releases/download/2.1.0/brutecheker-v2.1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497748/; classtype:trojan-activity;sid:84360848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497746)"; flow:established,from_client; content:"GET"; http_method; content:"/92tino/zenless-zone-zero-menu/releases/download/v2.9.3/zenith-zoom-v2.9.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497746/; classtype:trojan-activity;sid:84360846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497744)"; flow:established,from_client; content:"GET"; http_method; content:"/truthtower1/nitro-key/releases/download/v2.2.3/nitro-key_v2.2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497744/; classtype:trojan-activity;sid:84360844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497734)"; flow:established,from_client; content:"GET"; http_method; content:"/aravind2152/dune-imperium-vision/releases/download/2.3.8/dune-imperium-vision-2.3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497734/; classtype:trojan-activity;sid:84360834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497708)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497708/; classtype:trojan-activity;sid:84360808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497709)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497709/; classtype:trojan-activity;sid:84360809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497705)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497705/; classtype:trojan-activity;sid:84360805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497706)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497706/; classtype:trojan-activity;sid:84360806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497692)"; flow:established,from_client; content:"GET"; http_method; content:"/nuriia-i/palia-script/releases/download/anisoin/palia-script_anisoin.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497692/; classtype:trojan-activity;sid:84360792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497686)"; flow:established,from_client; content:"GET"; http_method; content:"/syestm/marvel-rivals-2025-hack/releases/download/3.5.2/release-marvel-rivals-2025-hack-3-5-2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497686/; classtype:trojan-activity;sid:84360786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497582)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497582/; classtype:trojan-activity;sid:84360682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.1.187.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497313/; classtype:trojan-activity;sid:84360413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.239.8.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497303/; classtype:trojan-activity;sid:84360403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497306/; classtype:trojan-activity;sid:84360406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.95.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497308/; classtype:trojan-activity;sid:84360408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497266/; classtype:trojan-activity;sid:84360366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496926)"; flow:established,from_client; content:"GET"; http_method; content:"/yfyuy/roblox-blox-fruits-script-2025/releases/download/v3.9.0/roblox.blox.fruits.script.2025.v3.9.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496926/; classtype:trojan-activity;sid:84360026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496663)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedbama/spider-man-2/releases/download/1.6.7/spider-man-2_v1.6.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496663/; classtype:trojan-activity;sid:84359763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496649)"; flow:established,from_client; content:"GET"; http_method; content:"/cooldudeqwer1/esp32marauder-portal-pwn/releases/download/v1.0/program.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496649/; classtype:trojan-activity;sid:84359749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496647)"; flow:established,from_client; content:"GET"; http_method; content:"/ashhh220711/checkers/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496647/; classtype:trojan-activity;sid:84359747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496637)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/board-taxomomies/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496637/; classtype:trojan-activity;sid:84359737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496636)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496636/; classtype:trojan-activity;sid:84359736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496628)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496628/; classtype:trojan-activity;sid:84359728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496634)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496634/; classtype:trojan-activity;sid:84359734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496635)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496635/; classtype:trojan-activity;sid:84359735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496624)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496624/; classtype:trojan-activity;sid:84359724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496625)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496625/; classtype:trojan-activity;sid:84359725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496626)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496626/; classtype:trojan-activity;sid:84359726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496607)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishekbathulla/far/releases/download/v3.4.4/far-v3.4.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496607/; classtype:trojan-activity;sid:84359707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496606)"; flow:established,from_client; content:"GET"; http_method; content:"/asitiaf/llm-getting-started/releases/download/2.6.8/llm-getting-started-2.6.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496606/; classtype:trojan-activity;sid:84359706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496605)"; flow:established,from_client; content:"GET"; http_method; content:"/ayeshamustab/ai-ml-code-interviewer/releases/download/v2.5.8-beta.5/ai-ml-code-interviewer_v2.5.8-beta.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496605/; classtype:trojan-activity;sid:84359705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496597)"; flow:established,from_client; content:"GET"; http_method; content:"/juann22/fastmud/releases/download/2.1.1/fastmud.2.1.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496597/; classtype:trojan-activity;sid:84359697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496598)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadsheekhyousef/quicklook-netron/releases/download/uncriticisingly/quicklook-netron-uncriticisingly.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496598/; classtype:trojan-activity;sid:84359698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496599)"; flow:established,from_client; content:"GET"; http_method; content:"/front-writer/llm-engineering-cheatsheet/releases/download/3.3.5-beta.5/llm-engineering-cheatsheet-3.3.5-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496599/; classtype:trojan-activity;sid:84359699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496600)"; flow:established,from_client; content:"GET"; http_method; content:"/erik2011/multi-theft-auto-menu/releases/download/2.1.9/multi-theft-auto-menu-2.1.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496600/; classtype:trojan-activity;sid:84359700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496602)"; flow:established,from_client; content:"GET"; http_method; content:"/alperenuurlu/mobile-legends-menu/releases/download/v3.3.0/mobile.legends.menu.v3.3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496602/; classtype:trojan-activity;sid:84359702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496604)"; flow:established,from_client; content:"GET"; http_method; content:"/yahabaha/exam-quiz-test/releases/download/v2.9.2/exam-quiz-test-v2.9.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496604/; classtype:trojan-activity;sid:84359704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496588)"; flow:established,from_client; content:"GET"; http_method; content:"/eoleo26/aida64-extreme-free/releases/download/v3.7.6/aida64.extreme.free.v3.7.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496588/; classtype:trojan-activity;sid:84359688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496589)"; flow:established,from_client; content:"GET"; http_method; content:"/raqi42/stm32_lcd16x2_library/releases/download/1.6.7-alpha.3/stm32-lcd16x2-library-1.6.7-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496589/; classtype:trojan-activity;sid:84359689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496590)"; flow:established,from_client; content:"GET"; http_method; content:"/redamigo63/copycrafter/releases/download/devolvement/copycrafter_devolvement.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496590/; classtype:trojan-activity;sid:84359690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496591)"; flow:established,from_client; content:"GET"; http_method; content:"/brian124qqr/nero-burning-rom-free/releases/download/1.4.8-beta.3/nero-burning-rom-free-1.4.8-beta.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496591/; classtype:trojan-activity;sid:84359691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496592)"; flow:established,from_client; content:"GET"; http_method; content:"/klaus998851/github-achievements/releases/download/3.5.8/github-achievements-3.5.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496592/; classtype:trojan-activity;sid:84359692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496585)"; flow:established,from_client; content:"GET"; http_method; content:"/aboubakar909/dreamdance/releases/download/v2.5.1/dreamdance.v2.5.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496585/; classtype:trojan-activity;sid:84359685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496275)"; flow:established,from_client; content:"GET"; http_method; content:"/akash21-hub/roblox-celery/releases/download/v1.7.0-alpha.2/roblox-celery-v1.7.0-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496275/; classtype:trojan-activity;sid:84359375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496174)"; flow:established,from_client; content:"GET"; http_method; content:"/sarjanachatgpt/dead-rails-ultimate-script-bypass-byfron/releases/download/v2.5.1/dead-rails-ultimate-script-bypass-byfron-v2.5.1.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496174/; classtype:trojan-activity;sid:84359274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/main/ud.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495687)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/weotibaw.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cooptraexxon.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495687/; classtype:trojan-activity;sid:84358787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3495124/; classtype:trojan-activity;sid:84358224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; content:"GET"; http_method; content:"/dl20"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494681)"; flow:established,from_client; content:"GET"; http_method; content:"/download/electrum-doge-1.4.2.appimage"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"electrum-dogecoin.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494681/; classtype:trojan-activity;sid:84357781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493868)"; flow:established,from_client; content:"GET"; http_method; content:"/order_svea.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lindenappliances.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493868/; classtype:trojan-activity;sid:84356968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493606)"; flow:established,from_client; content:"GET"; http_method; content:"/khemrinp/brookhaven-script/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493606/; classtype:trojan-activity;sid:84356706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493597)"; flow:established,from_client; content:"GET"; http_method; content:"/makorni/tracex-hwid-spoofer-de/releases/download/v1.8.5-alpha.4/tracex-hwid-spoofer-de_v1.8.5-alpha.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493597/; classtype:trojan-activity;sid:84356697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.23.17.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493102/; classtype:trojan-activity;sid:84356202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493095)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.113.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493095/; classtype:trojan-activity;sid:84356195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493088/; classtype:trojan-activity;sid:84356188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492620)"; flow:established,from_client; content:"GET"; http_method; content:"/jo-dll/hb4/releases/download/v2.0/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492620/; classtype:trojan-activity;sid:84355720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492621)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492621/; classtype:trojan-activity;sid:84355721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492618)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v1.0/app.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492618/; classtype:trojan-activity;sid:84355718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492586)"; flow:established,from_client; content:"GET"; http_method; content:"/bosstrung/fedora/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492586/; classtype:trojan-activity;sid:84355686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492580)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492580/; classtype:trojan-activity;sid:84355680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492581)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492581/; classtype:trojan-activity;sid:84355681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492582)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492582/; classtype:trojan-activity;sid:84355682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492584)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492584/; classtype:trojan-activity;sid:84355684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492578)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492578/; classtype:trojan-activity;sid:84355678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492579)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492579/; classtype:trojan-activity;sid:84355679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492575)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492575/; classtype:trojan-activity;sid:84355675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492576)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492576/; classtype:trojan-activity;sid:84355676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492577)"; flow:established,from_client; content:"GET"; http_method; content:"/antifreezsa/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492577/; classtype:trojan-activity;sid:84355677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492553)"; flow:established,from_client; content:"GET"; http_method; content:"/ricardocrc735/navicatpwn/releases/download/3.2.3/navicatpwn-3.2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492553/; classtype:trojan-activity;sid:84355653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492551)"; flow:established,from_client; content:"GET"; http_method; content:"/gayathriemblock/faze-hwid-spoofer-undetected/releases/download/3.7.3/faze-hwid-spoofer-undetected-3-7-3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492551/; classtype:trojan-activity;sid:84355651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492193)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492193/; classtype:trojan-activity;sid:84355293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492194)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492194/; classtype:trojan-activity;sid:84355294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492149)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492149/; classtype:trojan-activity;sid:84355249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492145)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492145/; classtype:trojan-activity;sid:84355245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492148)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492148/; classtype:trojan-activity;sid:84355248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492142)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492142/; classtype:trojan-activity;sid:84355242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492116)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v1.0/release.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492116/; classtype:trojan-activity;sid:84355216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492117)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492117/; classtype:trojan-activity;sid:84355217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492118)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492118/; classtype:trojan-activity;sid:84355218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492113)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492113/; classtype:trojan-activity;sid:84355213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492099)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492099/; classtype:trojan-activity;sid:84355199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492098)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492098/; classtype:trojan-activity;sid:84355198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492094)"; flow:established,from_client; content:"GET"; http_method; content:"/pawela827-2/test/main/vsgraphicsresources.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492094/; classtype:trojan-activity;sid:84355194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492092)"; flow:established,from_client; content:"GET"; http_method; content:"/pawela827-2/test/main/vsgraphicsresources2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492092/; classtype:trojan-activity;sid:84355192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492086)"; flow:established,from_client; content:"GET"; http_method; content:"/voslol/hack-crypto-wallet/releases/download/croupous/hack-crypto-wallet-croupous.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492086/; classtype:trojan-activity;sid:84355186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492074)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimil/hack-crypto-wallet/releases/download/v2.7.7-beta.4/hack-crypto-wallet-v2.7.7-beta.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492074/; classtype:trojan-activity;sid:84355174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491771/; classtype:trojan-activity;sid:84354871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.111.30.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491741/; classtype:trojan-activity;sid:84354841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491653)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan-be/pet-simulator-99-dupe-gui/releases/download/newmarket/pet-simulator-99-dupe-gui-newmarket.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491653/; classtype:trojan-activity;sid:84354753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491554)"; flow:established,from_client; content:"GET"; http_method; content:"/gayfjlover/tracex-hwid-spoofer-de/releases/download/v1.6.6/tracex-hwid-spoofer-de_v1.6.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491554/; classtype:trojan-activity;sid:84354654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490874)"; flow:established,from_client; content:"GET"; http_method; content:"/spread.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.144.2.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490874/; classtype:trojan-activity;sid:84353974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/v1.9.0-alpha.1/hack-crypto-wallet-v1.9.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490438/; classtype:trojan-activity;sid:84353538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490437)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/3.7.6/hack-crypto-wallet_v3.7.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490437/; classtype:trojan-activity;sid:84353537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489510)"; flow:established,from_client; content:"GET"; http_method; content:"/theus12324/roblox-appleware/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489510/; classtype:trojan-activity;sid:84352610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489505)"; flow:established,from_client; content:"GET"; http_method; content:"/azoresn/roblox-nihon/releases/download/v1.0/executor.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489505/; classtype:trojan-activity;sid:84352605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489507)"; flow:established,from_client; content:"GET"; http_method; content:"/jjgamerz123/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489507/; classtype:trojan-activity;sid:84352607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489466)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489466/; classtype:trojan-activity;sid:84352566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489467)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489467/; classtype:trojan-activity;sid:84352567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489465)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/bounceoff/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489465/; classtype:trojan-activity;sid:84352565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489455)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489455/; classtype:trojan-activity;sid:84352555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489456)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489456/; classtype:trojan-activity;sid:84352556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489457)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489457/; classtype:trojan-activity;sid:84352557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489458)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489458/; classtype:trojan-activity;sid:84352558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489459)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489459/; classtype:trojan-activity;sid:84352559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489460)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489460/; classtype:trojan-activity;sid:84352560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489461)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489461/; classtype:trojan-activity;sid:84352561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489462)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489462/; classtype:trojan-activity;sid:84352562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489463)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489463/; classtype:trojan-activity;sid:84352563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489464)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489464/; classtype:trojan-activity;sid:84352564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489451)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489451/; classtype:trojan-activity;sid:84352551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489452)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/collition-algorithm/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489452/; classtype:trojan-activity;sid:84352552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489428)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489428/; classtype:trojan-activity;sid:84352528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489436)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/nodejs/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489436/; classtype:trojan-activity;sid:84352536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489440)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v1.0/application.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489440/; classtype:trojan-activity;sid:84352540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489411)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489411/; classtype:trojan-activity;sid:84352511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489407)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489407/; classtype:trojan-activity;sid:84352507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489369)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489369/; classtype:trojan-activity;sid:84352469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489370)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489370/; classtype:trojan-activity;sid:84352470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489373)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489373/; classtype:trojan-activity;sid:84352473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489375)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489375/; classtype:trojan-activity;sid:84352475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489380)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489380/; classtype:trojan-activity;sid:84352480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489382)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489382/; classtype:trojan-activity;sid:84352482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489383)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489383/; classtype:trojan-activity;sid:84352483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489385)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v1.0/release.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489385/; classtype:trojan-activity;sid:84352485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489386)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489386/; classtype:trojan-activity;sid:84352486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489367)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489367/; classtype:trojan-activity;sid:84352467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489339)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-database/front-end/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489339/; classtype:trojan-activity;sid:84352439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489330)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/tountolover/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489330/; classtype:trojan-activity;sid:84352430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489272)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489272/; classtype:trojan-activity;sid:84352372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489284)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489284/; classtype:trojan-activity;sid:84352384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489244)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/confidencemedia.com/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489244/; classtype:trojan-activity;sid:84352344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489246)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489246/; classtype:trojan-activity;sid:84352346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489249)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/domu/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489249/; classtype:trojan-activity;sid:84352349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489250)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489250/; classtype:trojan-activity;sid:84352350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489257)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489257/; classtype:trojan-activity;sid:84352357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489258)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489258/; classtype:trojan-activity;sid:84352358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489234)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489234/; classtype:trojan-activity;sid:84352334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489235)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489235/; classtype:trojan-activity;sid:84352335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489237)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/ranksshow/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489237/; classtype:trojan-activity;sid:84352337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489239)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489239/; classtype:trojan-activity;sid:84352339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489241)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489241/; classtype:trojan-activity;sid:84352341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489213)"; flow:established,from_client; content:"GET"; http_method; content:"/sriramapriyan/medicinal-plants-classification/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489213/; classtype:trojan-activity;sid:84352313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489220)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/land/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489220/; classtype:trojan-activity;sid:84352320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489206)"; flow:established,from_client; content:"GET"; http_method; content:"/essa1212/aku/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489206/; classtype:trojan-activity;sid:84352306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489210)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/90-days-dsa-challenges/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489210/; classtype:trojan-activity;sid:84352310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489178)"; flow:established,from_client; content:"GET"; http_method; content:"/djmuro4ever/personal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489178/; classtype:trojan-activity;sid:84352278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489176)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/99monisha/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489176/; classtype:trojan-activity;sid:84352276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489166)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/manuxing/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489166/; classtype:trojan-activity;sid:84352266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489167)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/protfolio-design/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489167/; classtype:trojan-activity;sid:84352267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489168)"; flow:established,from_client; content:"GET"; http_method; content:"/neko-emon/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489168/; classtype:trojan-activity;sid:84352268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489169)"; flow:established,from_client; content:"GET"; http_method; content:"/ggjgjghggvc/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489169/; classtype:trojan-activity;sid:84352269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489170)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489170/; classtype:trojan-activity;sid:84352270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489172)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489172/; classtype:trojan-activity;sid:84352272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489164)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-cyber65/prem-ig/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489164/; classtype:trojan-activity;sid:84352264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489165)"; flow:established,from_client; content:"GET"; http_method; content:"/hannah20190/fixing-error-d3dx9-43-dll/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489165/; classtype:trojan-activity;sid:84352265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489154)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489154/; classtype:trojan-activity;sid:84352254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489156)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489156/; classtype:trojan-activity;sid:84352256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489157)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489157/; classtype:trojan-activity;sid:84352257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489148)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489148/; classtype:trojan-activity;sid:84352248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489150)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489150/; classtype:trojan-activity;sid:84352250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489152)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489152/; classtype:trojan-activity;sid:84352252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489146)"; flow:established,from_client; content:"GET"; http_method; content:"/jorgegael5/tos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489146/; classtype:trojan-activity;sid:84352246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489144)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489144/; classtype:trojan-activity;sid:84352244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489145)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489145/; classtype:trojan-activity;sid:84352245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489123)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraspro/snake-fruit-game-asmr/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489123/; classtype:trojan-activity;sid:84352223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489124)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489124/; classtype:trojan-activity;sid:84352224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489125)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489125/; classtype:trojan-activity;sid:84352225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489126)"; flow:established,from_client; content:"GET"; http_method; content:"/guest0689/flutter-starter-app/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489126/; classtype:trojan-activity;sid:84352226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489132)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489132/; classtype:trojan-activity;sid:84352232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489133)"; flow:established,from_client; content:"GET"; http_method; content:"/grahgrahboom/myportfolio/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489133/; classtype:trojan-activity;sid:84352233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489138)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489138/; classtype:trojan-activity;sid:84352238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489139)"; flow:established,from_client; content:"GET"; http_method; content:"/sheesh7033/10-top-blockchain-project-ideas-for-beginners-and-students-/releases/download/v1.0/software.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489139/; classtype:trojan-activity;sid:84352239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489115)"; flow:established,from_client; content:"GET"; http_method; content:"/brabaoeu/powershell_httpserver/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489115/; classtype:trojan-activity;sid:84352215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489117)"; flow:established,from_client; content:"GET"; http_method; content:"/speedwalker48700/snu_2d_programmingtools_ide_nwscript/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489117/; classtype:trojan-activity;sid:84352217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489119)"; flow:established,from_client; content:"GET"; http_method; content:"/tamiur2011/cors-proxy-server-employee-api/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489119/; classtype:trojan-activity;sid:84352219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489122)"; flow:established,from_client; content:"GET"; http_method; content:"/austinxsome/key-clicker/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489122/; classtype:trojan-activity;sid:84352222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489105)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489105/; classtype:trojan-activity;sid:84352205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489108)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489108/; classtype:trojan-activity;sid:84352208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489099)"; flow:established,from_client; content:"GET"; http_method; content:"/pop144615/wmpignore/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489099/; classtype:trojan-activity;sid:84352199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489100)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489100/; classtype:trojan-activity;sid:84352200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489104)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489104/; classtype:trojan-activity;sid:84352204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489097)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489097/; classtype:trojan-activity;sid:84352197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489094)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489094/; classtype:trojan-activity;sid:84352194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489095)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489095/; classtype:trojan-activity;sid:84352195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489089)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489089/; classtype:trojan-activity;sid:84352189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489077)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489077/; classtype:trojan-activity;sid:84352177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489078)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489078/; classtype:trojan-activity;sid:84352178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489080)"; flow:established,from_client; content:"GET"; http_method; content:"/tiago1237/react-cooking-ninja/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489080/; classtype:trojan-activity;sid:84352180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489081)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489081/; classtype:trojan-activity;sid:84352181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489082)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489082/; classtype:trojan-activity;sid:84352182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489085)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489085/; classtype:trojan-activity;sid:84352185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489086)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489086/; classtype:trojan-activity;sid:84352186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489087)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489087/; classtype:trojan-activity;sid:84352187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489073)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489073/; classtype:trojan-activity;sid:84352173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489074)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489074/; classtype:trojan-activity;sid:84352174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489075)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489075/; classtype:trojan-activity;sid:84352175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489076)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489076/; classtype:trojan-activity;sid:84352176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489062)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v1.0/program.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489062/; classtype:trojan-activity;sid:84352162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489055)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489055/; classtype:trojan-activity;sid:84352155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489058)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489058/; classtype:trojan-activity;sid:84352158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489059)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489059/; classtype:trojan-activity;sid:84352159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489060)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489060/; classtype:trojan-activity;sid:84352160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489061)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489061/; classtype:trojan-activity;sid:84352161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489051)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v1.0/program.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489051/; classtype:trojan-activity;sid:84352151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489052)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489052/; classtype:trojan-activity;sid:84352152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489050)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489050/; classtype:trojan-activity;sid:84352150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489048)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489048/; classtype:trojan-activity;sid:84352148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489046)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489046/; classtype:trojan-activity;sid:84352146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489042)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v1.0/program.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489042/; classtype:trojan-activity;sid:84352142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489043)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489043/; classtype:trojan-activity;sid:84352143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489041)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489041/; classtype:trojan-activity;sid:84352141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489031)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489031/; classtype:trojan-activity;sid:84352131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489034)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489034/; classtype:trojan-activity;sid:84352134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489038)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489038/; classtype:trojan-activity;sid:84352138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489040)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489040/; classtype:trojan-activity;sid:84352140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489026)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489026/; classtype:trojan-activity;sid:84352126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489025)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489025/; classtype:trojan-activity;sid:84352125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488997)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v1.0/release.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488997/; classtype:trojan-activity;sid:84352097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488998)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v2.0/software.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488998/; classtype:trojan-activity;sid:84352098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488999)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v2.0/software.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488999/; classtype:trojan-activity;sid:84352099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489000)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v1.0/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489000/; classtype:trojan-activity;sid:84352100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489001)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v1.0/release.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489001/; classtype:trojan-activity;sid:84352101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489008)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v1.0/release.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489008/; classtype:trojan-activity;sid:84352108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489013)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489013/; classtype:trojan-activity;sid:84352113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489016)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v1.0/release.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489016/; classtype:trojan-activity;sid:84352116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488992)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/application.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488992/; classtype:trojan-activity;sid:84352092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488993)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488993/; classtype:trojan-activity;sid:84352093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488989)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v2.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488989/; classtype:trojan-activity;sid:84352089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488990)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488990/; classtype:trojan-activity;sid:84352090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488985)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488985/; classtype:trojan-activity;sid:84352085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488986)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v2.0/software.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488986/; classtype:trojan-activity;sid:84352086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488987)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/program.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488987/; classtype:trojan-activity;sid:84352087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488988)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488988/; classtype:trojan-activity;sid:84352088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488964)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488964/; classtype:trojan-activity;sid:84352064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488965)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488965/; classtype:trojan-activity;sid:84352065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488967)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488967/; classtype:trojan-activity;sid:84352067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488968)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v1.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488968/; classtype:trojan-activity;sid:84352068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488970)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488970/; classtype:trojan-activity;sid:84352070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488971)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488971/; classtype:trojan-activity;sid:84352071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488974)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488974/; classtype:trojan-activity;sid:84352074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488975)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v1.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488975/; classtype:trojan-activity;sid:84352075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488976)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488976/; classtype:trojan-activity;sid:84352076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488961)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488961/; classtype:trojan-activity;sid:84352061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488962)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488962/; classtype:trojan-activity;sid:84352062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488963)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488963/; classtype:trojan-activity;sid:84352063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488958)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v1.0/release_x64.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488958/; classtype:trojan-activity;sid:84352058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488959)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488959/; classtype:trojan-activity;sid:84352059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488960)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488960/; classtype:trojan-activity;sid:84352060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488949)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488949/; classtype:trojan-activity;sid:84352049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488942)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488942/; classtype:trojan-activity;sid:84352042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488944)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488944/; classtype:trojan-activity;sid:84352044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488947)"; flow:established,from_client; content:"GET"; http_method; content:"/tocinorng/icecream-screen-recorder-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488947/; classtype:trojan-activity;sid:84352047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488948)"; flow:established,from_client; content:"GET"; http_method; content:"/tocinorng/icecream-screen-recorder-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488948/; classtype:trojan-activity;sid:84352048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488939)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488939/; classtype:trojan-activity;sid:84352039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488927)"; flow:established,from_client; content:"GET"; http_method; content:"/danblox669/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488927/; classtype:trojan-activity;sid:84352027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488904)"; flow:established,from_client; content:"GET"; http_method; content:"/ahvaitomanocuvai/shadcn-tour/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488904/; classtype:trojan-activity;sid:84352004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488905)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488905/; classtype:trojan-activity;sid:84352005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488908)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488908/; classtype:trojan-activity;sid:84352008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488909)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488909/; classtype:trojan-activity;sid:84352009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488910)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488910/; classtype:trojan-activity;sid:84352010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488912)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488912/; classtype:trojan-activity;sid:84352012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488914)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488914/; classtype:trojan-activity;sid:84352014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488915)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488915/; classtype:trojan-activity;sid:84352015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488916)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488916/; classtype:trojan-activity;sid:84352016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488918)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488918/; classtype:trojan-activity;sid:84352018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488919)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488919/; classtype:trojan-activity;sid:84352019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488920)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488920/; classtype:trojan-activity;sid:84352020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488921)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488921/; classtype:trojan-activity;sid:84352021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488903)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488903/; classtype:trojan-activity;sid:84352003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488892)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488892/; classtype:trojan-activity;sid:84351992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488893)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488893/; classtype:trojan-activity;sid:84351993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488894)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488894/; classtype:trojan-activity;sid:84351994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488895)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488895/; classtype:trojan-activity;sid:84351995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488896)"; flow:established,from_client; content:"GET"; http_method; content:"/fallidox/varzesh3/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488896/; classtype:trojan-activity;sid:84351996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488897)"; flow:established,from_client; content:"GET"; http_method; content:"/itallo1122/csharp-devcontainer-template/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488897/; classtype:trojan-activity;sid:84351997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488898)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488898/; classtype:trojan-activity;sid:84351998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488891)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v2.0/release_x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488891/; classtype:trojan-activity;sid:84351991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488883)"; flow:established,from_client; content:"GET"; http_method; content:"/kirukazuma/react-ulbitv/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488883/; classtype:trojan-activity;sid:84351983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488884)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488884/; classtype:trojan-activity;sid:84351984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488881)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488881/; classtype:trojan-activity;sid:84351981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488872)"; flow:established,from_client; content:"GET"; http_method; content:"/jonatanelmaspro2023/ailert-nextjs/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488872/; classtype:trojan-activity;sid:84351972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488873)"; flow:established,from_client; content:"GET"; http_method; content:"/hyuki875/transformers/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488873/; classtype:trojan-activity;sid:84351973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488875)"; flow:established,from_client; content:"GET"; http_method; content:"/tinhuynh123/secluded/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488875/; classtype:trojan-activity;sid:84351975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488877)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquy19/fit-track-goals-app/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488877/; classtype:trojan-activity;sid:84351977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488867)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488867/; classtype:trojan-activity;sid:84351967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488868)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488868/; classtype:trojan-activity;sid:84351968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488869)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488869/; classtype:trojan-activity;sid:84351969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488870)"; flow:established,from_client; content:"GET"; http_method; content:"/dandygamer198981/bliss_browser_mint/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488870/; classtype:trojan-activity;sid:84351970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488865)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488865/; classtype:trojan-activity;sid:84351965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488866)"; flow:established,from_client; content:"GET"; http_method; content:"/charles100000/twitch-clone/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488866/; classtype:trojan-activity;sid:84351966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488863)"; flow:established,from_client; content:"GET"; http_method; content:"/ligdeezznuts/bliss_browser_jcl/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488863/; classtype:trojan-activity;sid:84351963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488857)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488857/; classtype:trojan-activity;sid:84351957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488845)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488845/; classtype:trojan-activity;sid:84351945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488848)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488848/; classtype:trojan-activity;sid:84351948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488851)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed2006-cmd/carrepairreservationsystem-loginpage/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488851/; classtype:trojan-activity;sid:84351951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488852)"; flow:established,from_client; content:"GET"; http_method; content:"/thalik330/bliss_browser_jison-lex/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488852/; classtype:trojan-activity;sid:84351952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488855)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488855/; classtype:trojan-activity;sid:84351955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488841)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488841/; classtype:trojan-activity;sid:84351941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488842)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488842/; classtype:trojan-activity;sid:84351942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488843)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488843/; classtype:trojan-activity;sid:84351943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488840)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488840/; classtype:trojan-activity;sid:84351940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488839)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488839/; classtype:trojan-activity;sid:84351939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488835)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488835/; classtype:trojan-activity;sid:84351935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488837)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488837/; classtype:trojan-activity;sid:84351937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488831)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488831/; classtype:trojan-activity;sid:84351931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488832)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488832/; classtype:trojan-activity;sid:84351932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488833)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488833/; classtype:trojan-activity;sid:84351933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488826)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488826/; classtype:trojan-activity;sid:84351926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488827)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488827/; classtype:trojan-activity;sid:84351927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488828)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488828/; classtype:trojan-activity;sid:84351928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488829)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488829/; classtype:trojan-activity;sid:84351929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488811)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v1.0/application.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488811/; classtype:trojan-activity;sid:84351911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488819)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488819/; classtype:trojan-activity;sid:84351919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488797)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488797/; classtype:trojan-activity;sid:84351897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488798)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488798/; classtype:trojan-activity;sid:84351898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488804)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488804/; classtype:trojan-activity;sid:84351904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488809)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488809/; classtype:trojan-activity;sid:84351909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488787)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488787/; classtype:trojan-activity;sid:84351887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488790)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v2.0/software.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488790/; classtype:trojan-activity;sid:84351890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488794)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488794/; classtype:trojan-activity;sid:84351894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488785)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488785/; classtype:trojan-activity;sid:84351885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488781)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488781/; classtype:trojan-activity;sid:84351881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488770)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488770/; classtype:trojan-activity;sid:84351870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488771)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488771/; classtype:trojan-activity;sid:84351871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488778)"; flow:established,from_client; content:"GET"; http_method; content:"/sickclaymaker/text-processing-tool/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488778/; classtype:trojan-activity;sid:84351878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488768)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488768/; classtype:trojan-activity;sid:84351868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488769)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488769/; classtype:trojan-activity;sid:84351869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488760)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v1.0/program.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488760/; classtype:trojan-activity;sid:84351860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488763)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488763/; classtype:trojan-activity;sid:84351863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488757)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488757/; classtype:trojan-activity;sid:84351857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488747)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488747/; classtype:trojan-activity;sid:84351847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488748)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488748/; classtype:trojan-activity;sid:84351848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488749)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v1.0/application.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488749/; classtype:trojan-activity;sid:84351849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488753)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488753/; classtype:trojan-activity;sid:84351853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488754)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488754/; classtype:trojan-activity;sid:84351854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488745)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488745/; classtype:trojan-activity;sid:84351845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488731)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488731/; classtype:trojan-activity;sid:84351831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488737)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488737/; classtype:trojan-activity;sid:84351837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488738)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488738/; classtype:trojan-activity;sid:84351838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488741)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v1.0/release.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488741/; classtype:trojan-activity;sid:84351841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488726)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488726/; classtype:trojan-activity;sid:84351826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488727)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488727/; classtype:trojan-activity;sid:84351827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488724)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/program.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488724/; classtype:trojan-activity;sid:84351824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488721)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488721/; classtype:trojan-activity;sid:84351821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488715)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488715/; classtype:trojan-activity;sid:84351815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488705)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488705/; classtype:trojan-activity;sid:84351805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488707)"; flow:established,from_client; content:"GET"; http_method; content:"/gelou-moe/chattify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488707/; classtype:trojan-activity;sid:84351807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488710)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488710/; classtype:trojan-activity;sid:84351810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488700)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488700/; classtype:trojan-activity;sid:84351800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488701)"; flow:established,from_client; content:"GET"; http_method; content:"/gelou-moe/chattify/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488701/; classtype:trojan-activity;sid:84351801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488697)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488697/; classtype:trojan-activity;sid:84351797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488685)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v1.0/soft.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488685/; classtype:trojan-activity;sid:84351785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488687)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v1.0/soft.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488687/; classtype:trojan-activity;sid:84351787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488689)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v1.0.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488689/; classtype:trojan-activity;sid:84351789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488690)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488690/; classtype:trojan-activity;sid:84351790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488691)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488691/; classtype:trojan-activity;sid:84351791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488692)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488692/; classtype:trojan-activity;sid:84351792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488693)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488693/; classtype:trojan-activity;sid:84351793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488694)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488694/; classtype:trojan-activity;sid:84351794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488695)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488695/; classtype:trojan-activity;sid:84351795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488696)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488696/; classtype:trojan-activity;sid:84351796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488680)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488680/; classtype:trojan-activity;sid:84351780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488681)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488681/; classtype:trojan-activity;sid:84351781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488683)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488683/; classtype:trojan-activity;sid:84351783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488678)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488678/; classtype:trojan-activity;sid:84351778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488675)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488675/; classtype:trojan-activity;sid:84351775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488671)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488671/; classtype:trojan-activity;sid:84351771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488672)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488672/; classtype:trojan-activity;sid:84351772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488665)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488665/; classtype:trojan-activity;sid:84351765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488667)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488667/; classtype:trojan-activity;sid:84351767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488669)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488669/; classtype:trojan-activity;sid:84351769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488659)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488659/; classtype:trojan-activity;sid:84351759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488661)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v1.0/application.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488661/; classtype:trojan-activity;sid:84351761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488662)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488662/; classtype:trojan-activity;sid:84351762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488658)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488658/; classtype:trojan-activity;sid:84351758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488657)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488657/; classtype:trojan-activity;sid:84351757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488656)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488656/; classtype:trojan-activity;sid:84351756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488644)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488644/; classtype:trojan-activity;sid:84351744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488648)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488648/; classtype:trojan-activity;sid:84351748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488651)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488651/; classtype:trojan-activity;sid:84351751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488652)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488652/; classtype:trojan-activity;sid:84351752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488642)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488642/; classtype:trojan-activity;sid:84351742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488638)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488638/; classtype:trojan-activity;sid:84351738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488639)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/dado/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488639/; classtype:trojan-activity;sid:84351739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488631)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488631/; classtype:trojan-activity;sid:84351731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488633)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488633/; classtype:trojan-activity;sid:84351733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488635)"; flow:established,from_client; content:"GET"; http_method; content:"/kachinimin/mod-gta5/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488635/; classtype:trojan-activity;sid:84351735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488619)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488619/; classtype:trojan-activity;sid:84351719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488627)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488627/; classtype:trojan-activity;sid:84351727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488618)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488618/; classtype:trojan-activity;sid:84351718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488616)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488616/; classtype:trojan-activity;sid:84351716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488597)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488597/; classtype:trojan-activity;sid:84351697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488601)"; flow:established,from_client; content:"GET"; http_method; content:"/desarrolladorsoftwarejr/office-2024/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488601/; classtype:trojan-activity;sid:84351701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488596)"; flow:established,from_client; content:"GET"; http_method; content:"/micahchue/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488596/; classtype:trojan-activity;sid:84351696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488590)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488590/; classtype:trojan-activity;sid:84351690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488585)"; flow:established,from_client; content:"GET"; http_method; content:"/obaniissnek/earlycascade/releases/download/v2.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488585/; classtype:trojan-activity;sid:84351685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488587)"; flow:established,from_client; content:"GET"; http_method; content:"/fufulooky/life.html/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488587/; classtype:trojan-activity;sid:84351687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488566)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488566/; classtype:trojan-activity;sid:84351666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488572)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488572/; classtype:trojan-activity;sid:84351672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488573)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488573/; classtype:trojan-activity;sid:84351673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488574)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488574/; classtype:trojan-activity;sid:84351674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488575)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488575/; classtype:trojan-activity;sid:84351675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488577)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488577/; classtype:trojan-activity;sid:84351677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488578)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488578/; classtype:trojan-activity;sid:84351678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488581)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488581/; classtype:trojan-activity;sid:84351681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488547)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488547/; classtype:trojan-activity;sid:84351647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488551)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488551/; classtype:trojan-activity;sid:84351651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488554)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488554/; classtype:trojan-activity;sid:84351654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488557)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488557/; classtype:trojan-activity;sid:84351657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488540)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488540/; classtype:trojan-activity;sid:84351640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488541)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488541/; classtype:trojan-activity;sid:84351641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488545)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488545/; classtype:trojan-activity;sid:84351645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488510)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488510/; classtype:trojan-activity;sid:84351610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488514)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488514/; classtype:trojan-activity;sid:84351614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488509)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/todolist/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488509/; classtype:trojan-activity;sid:84351609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488476)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488476/; classtype:trojan-activity;sid:84351576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488480)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488480/; classtype:trojan-activity;sid:84351580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488482)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488482/; classtype:trojan-activity;sid:84351582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488485)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488485/; classtype:trojan-activity;sid:84351585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488495)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488495/; classtype:trojan-activity;sid:84351595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488498)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488498/; classtype:trojan-activity;sid:84351598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488499)"; flow:established,from_client; content:"GET"; http_method; content:"/double-back/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488499/; classtype:trojan-activity;sid:84351599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488500)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488500/; classtype:trojan-activity;sid:84351600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488502)"; flow:established,from_client; content:"GET"; http_method; content:"/devofss/leadfinder-agent/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488502/; classtype:trojan-activity;sid:84351602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488472)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488472/; classtype:trojan-activity;sid:84351572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488473)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488473/; classtype:trojan-activity;sid:84351573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488448)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488448/; classtype:trojan-activity;sid:84351548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488439)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488439/; classtype:trojan-activity;sid:84351539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488440)"; flow:established,from_client; content:"GET"; http_method; content:"/lordsatanthenuker/discorduniverse/releases/download/v2.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488440/; classtype:trojan-activity;sid:84351540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488442)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488442/; classtype:trojan-activity;sid:84351542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488434)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488434/; classtype:trojan-activity;sid:84351534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488427)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488427/; classtype:trojan-activity;sid:84351527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488428)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488428/; classtype:trojan-activity;sid:84351528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488429)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488429/; classtype:trojan-activity;sid:84351529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488430)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488430/; classtype:trojan-activity;sid:84351530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488431)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488431/; classtype:trojan-activity;sid:84351531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488424)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488424/; classtype:trojan-activity;sid:84351524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488413)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488413/; classtype:trojan-activity;sid:84351513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488412)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488412/; classtype:trojan-activity;sid:84351512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488397)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488397/; classtype:trojan-activity;sid:84351497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488400)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488400/; classtype:trojan-activity;sid:84351500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488401)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488401/; classtype:trojan-activity;sid:84351501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488402)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488402/; classtype:trojan-activity;sid:84351502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488408)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488408/; classtype:trojan-activity;sid:84351508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488409)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488409/; classtype:trojan-activity;sid:84351509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488410)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488410/; classtype:trojan-activity;sid:84351510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488411)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488411/; classtype:trojan-activity;sid:84351511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488387)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488387/; classtype:trojan-activity;sid:84351487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488392)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488392/; classtype:trojan-activity;sid:84351492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488393)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488393/; classtype:trojan-activity;sid:84351493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488394)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488394/; classtype:trojan-activity;sid:84351494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488396)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488396/; classtype:trojan-activity;sid:84351496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488386)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488386/; classtype:trojan-activity;sid:84351486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488381)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488381/; classtype:trojan-activity;sid:84351481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488383)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488383/; classtype:trojan-activity;sid:84351483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488379)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488379/; classtype:trojan-activity;sid:84351479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488380)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488380/; classtype:trojan-activity;sid:84351480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488374)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488374/; classtype:trojan-activity;sid:84351474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488367)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488367/; classtype:trojan-activity;sid:84351467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488351)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488351/; classtype:trojan-activity;sid:84351451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488352)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488352/; classtype:trojan-activity;sid:84351452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488353)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488353/; classtype:trojan-activity;sid:84351453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488354)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488354/; classtype:trojan-activity;sid:84351454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488356)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488356/; classtype:trojan-activity;sid:84351456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488357)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488357/; classtype:trojan-activity;sid:84351457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488358)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488358/; classtype:trojan-activity;sid:84351458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488362)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488362/; classtype:trojan-activity;sid:84351462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488364)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488364/; classtype:trojan-activity;sid:84351464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488365)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488365/; classtype:trojan-activity;sid:84351465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488366)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488366/; classtype:trojan-activity;sid:84351466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488349)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488349/; classtype:trojan-activity;sid:84351449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488348)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488348/; classtype:trojan-activity;sid:84351448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488344)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedthegoat10/inklink/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488344/; classtype:trojan-activity;sid:84351444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488347)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488347/; classtype:trojan-activity;sid:84351447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488329)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488329/; classtype:trojan-activity;sid:84351429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488330)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488330/; classtype:trojan-activity;sid:84351430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488331)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v1.0/installer.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488331/; classtype:trojan-activity;sid:84351431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488332)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488332/; classtype:trojan-activity;sid:84351432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488333)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488333/; classtype:trojan-activity;sid:84351433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488335)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488335/; classtype:trojan-activity;sid:84351435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488337)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488337/; classtype:trojan-activity;sid:84351437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488338)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v1.0/installer.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488338/; classtype:trojan-activity;sid:84351438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488341)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488341/; classtype:trojan-activity;sid:84351441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488343)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488343/; classtype:trojan-activity;sid:84351443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488327)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488327/; classtype:trojan-activity;sid:84351427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488323)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488323/; classtype:trojan-activity;sid:84351423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488324)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488324/; classtype:trojan-activity;sid:84351424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488320)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488320/; classtype:trojan-activity;sid:84351420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488322)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v1.0/installer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488322/; classtype:trojan-activity;sid:84351422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488311)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v1.0/installer.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488311/; classtype:trojan-activity;sid:84351411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488312)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488312/; classtype:trojan-activity;sid:84351412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488305)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488305/; classtype:trojan-activity;sid:84351405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488308)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488308/; classtype:trojan-activity;sid:84351408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488295)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488295/; classtype:trojan-activity;sid:84351395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488297)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488297/; classtype:trojan-activity;sid:84351397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488285)"; flow:established,from_client; content:"GET"; http_method; content:"/idk471/dmail_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488285/; classtype:trojan-activity;sid:84351385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488288)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v1.0/release.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488288/; classtype:trojan-activity;sid:84351388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488291)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488291/; classtype:trojan-activity;sid:84351391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488293)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v1.0/release.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488293/; classtype:trojan-activity;sid:84351393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488266)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488266/; classtype:trojan-activity;sid:84351366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488267)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v1.0/installer.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488267/; classtype:trojan-activity;sid:84351367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488270)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488270/; classtype:trojan-activity;sid:84351370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488271)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488271/; classtype:trojan-activity;sid:84351371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488275)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488275/; classtype:trojan-activity;sid:84351375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488276)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488276/; classtype:trojan-activity;sid:84351376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488281)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488281/; classtype:trojan-activity;sid:84351381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488283)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488283/; classtype:trojan-activity;sid:84351383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488262)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488262/; classtype:trojan-activity;sid:84351362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488241)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488241/; classtype:trojan-activity;sid:84351341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488242)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488242/; classtype:trojan-activity;sid:84351342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488244)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/qeats/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488244/; classtype:trojan-activity;sid:84351344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488245)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488245/; classtype:trojan-activity;sid:84351345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488235)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488235/; classtype:trojan-activity;sid:84351335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488236)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488236/; classtype:trojan-activity;sid:84351336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488238)"; flow:established,from_client; content:"GET"; http_method; content:"/champtamutami/deepseek-azure-javascript/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488238/; classtype:trojan-activity;sid:84351338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488229)"; flow:established,from_client; content:"GET"; http_method; content:"/rieeeerieeee/understanding-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488229/; classtype:trojan-activity;sid:84351329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488230)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488230/; classtype:trojan-activity;sid:84351330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488207)"; flow:established,from_client; content:"GET"; http_method; content:"/egejuniyors/parvanota/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488207/; classtype:trojan-activity;sid:84351307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488212)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488212/; classtype:trojan-activity;sid:84351312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488204)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488204/; classtype:trojan-activity;sid:84351304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488187)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488187/; classtype:trojan-activity;sid:84351287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488188)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488188/; classtype:trojan-activity;sid:84351288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488178)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488178/; classtype:trojan-activity;sid:84351278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488179)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488179/; classtype:trojan-activity;sid:84351279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488160)"; flow:established,from_client; content:"GET"; http_method; content:"/waleeddevel/driver-booster-pro-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488160/; classtype:trojan-activity;sid:84351260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488154)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488154/; classtype:trojan-activity;sid:84351254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488150)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488150/; classtype:trojan-activity;sid:84351250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488129)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488129/; classtype:trojan-activity;sid:84351229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488130)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488130/; classtype:trojan-activity;sid:84351230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488133)"; flow:established,from_client; content:"GET"; http_method; content:"/patacalida/churn-prediction/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488133/; classtype:trojan-activity;sid:84351233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488126)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488126/; classtype:trojan-activity;sid:84351226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488127)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488127/; classtype:trojan-activity;sid:84351227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488123)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488123/; classtype:trojan-activity;sid:84351223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488124)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488124/; classtype:trojan-activity;sid:84351224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488111)"; flow:established,from_client; content:"GET"; http_method; content:"/sinelli/a2.games/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488111/; classtype:trojan-activity;sid:84351211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488112)"; flow:established,from_client; content:"GET"; http_method; content:"/suprithakv02/buildfair/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488112/; classtype:trojan-activity;sid:84351212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488095)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/laravel-todos-list-2019/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488095/; classtype:trojan-activity;sid:84351195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488096)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr-web-cloud/localprompt/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488096/; classtype:trojan-activity;sid:84351196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488097)"; flow:established,from_client; content:"GET"; http_method; content:"/chethanks2005/visionuav-navigation/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488097/; classtype:trojan-activity;sid:84351197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488101)"; flow:established,from_client; content:"GET"; http_method; content:"/dkpetrov/agent-flux/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488101/; classtype:trojan-activity;sid:84351201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488091)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488091/; classtype:trojan-activity;sid:84351191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488092)"; flow:established,from_client; content:"GET"; http_method; content:"/faheem6969/citrix-workspace-software/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488092/; classtype:trojan-activity;sid:84351192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488093)"; flow:established,from_client; content:"GET"; http_method; content:"/erick265/telegramchatorganizer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488093/; classtype:trojan-activity;sid:84351193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488080)"; flow:established,from_client; content:"GET"; http_method; content:"/fadoulsaboune/amazon-power-bi-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488080/; classtype:trojan-activity;sid:84351180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488082)"; flow:established,from_client; content:"GET"; http_method; content:"/thehitter98709/gitkot/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488082/; classtype:trojan-activity;sid:84351182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488084)"; flow:established,from_client; content:"GET"; http_method; content:"/awskhahaha/a/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488084/; classtype:trojan-activity;sid:84351184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488087)"; flow:established,from_client; content:"GET"; http_method; content:"/vickorkumar/666/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488087/; classtype:trojan-activity;sid:84351187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488073)"; flow:established,from_client; content:"GET"; http_method; content:"/frogmen123/saas-billing-tracker/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488073/; classtype:trojan-activity;sid:84351173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488067)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488067/; classtype:trojan-activity;sid:84351167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488065)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvash27/doctor-dok/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488065/; classtype:trojan-activity;sid:84351165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488062)"; flow:established,from_client; content:"GET"; http_method; content:"/afthab21/movieapp/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488062/; classtype:trojan-activity;sid:84351162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488059)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-ltw/back-end/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488059/; classtype:trojan-activity;sid:84351159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488056)"; flow:established,from_client; content:"GET"; http_method; content:"/smj3300fn/fff/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488056/; classtype:trojan-activity;sid:84351156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488058)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488058/; classtype:trojan-activity;sid:84351158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488036)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/tempmail/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488036/; classtype:trojan-activity;sid:84351136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488037)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488037/; classtype:trojan-activity;sid:84351137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488039)"; flow:established,from_client; content:"GET"; http_method; content:"/vipshiva/sss/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488039/; classtype:trojan-activity;sid:84351139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488044)"; flow:established,from_client; content:"GET"; http_method; content:"/klhaus24/android-x64_livecd_13b_docs/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488044/; classtype:trojan-activity;sid:84351144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488045)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488045/; classtype:trojan-activity;sid:84351145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488046)"; flow:established,from_client; content:"GET"; http_method; content:"/keitaro000/oliver-3/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488046/; classtype:trojan-activity;sid:84351146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488052)"; flow:established,from_client; content:"GET"; http_method; content:"/chrlzjanem/laravel-py/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488052/; classtype:trojan-activity;sid:84351152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488026)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/pixel-gun-3d-pc-cheats/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488026/; classtype:trojan-activity;sid:84351126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488027)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/mandragora/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488027/; classtype:trojan-activity;sid:84351127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488028)"; flow:established,from_client; content:"GET"; http_method; content:"/sudhanshu182004/ml-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488028/; classtype:trojan-activity;sid:84351128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488032)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/todolist/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488032/; classtype:trojan-activity;sid:84351132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488033)"; flow:established,from_client; content:"GET"; http_method; content:"/platha19vsb/dcf-valuation/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488033/; classtype:trojan-activity;sid:84351133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488011)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488011/; classtype:trojan-activity;sid:84351111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488012)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488012/; classtype:trojan-activity;sid:84351112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488014)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488014/; classtype:trojan-activity;sid:84351114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488015)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v1.0/app.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488015/; classtype:trojan-activity;sid:84351115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488016)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488016/; classtype:trojan-activity;sid:84351116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488008)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488008/; classtype:trojan-activity;sid:84351108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488009)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v1.0/app.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488009/; classtype:trojan-activity;sid:84351109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488006)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488006/; classtype:trojan-activity;sid:84351106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488007)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488007/; classtype:trojan-activity;sid:84351107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487999)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v1.0/app.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487999/; classtype:trojan-activity;sid:84351099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488001)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488001/; classtype:trojan-activity;sid:84351101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488002)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488002/; classtype:trojan-activity;sid:84351102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487996)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487996/; classtype:trojan-activity;sid:84351096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487997)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowmask0/remix-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487997/; classtype:trojan-activity;sid:84351097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487994)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487994/; classtype:trojan-activity;sid:84351094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487990)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487990/; classtype:trojan-activity;sid:84351090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487989)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v1.0/app.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487989/; classtype:trojan-activity;sid:84351089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487981)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487981/; classtype:trojan-activity;sid:84351081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487982)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v1.0/app.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487982/; classtype:trojan-activity;sid:84351082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487984)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487984/; classtype:trojan-activity;sid:84351084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487985)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487985/; classtype:trojan-activity;sid:84351085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487986)"; flow:established,from_client; content:"GET"; http_method; content:"/biggobble46/freeddit/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487986/; classtype:trojan-activity;sid:84351086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487987)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487987/; classtype:trojan-activity;sid:84351087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487979)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v1.0/app.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487979/; classtype:trojan-activity;sid:84351079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487980)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487980/; classtype:trojan-activity;sid:84351080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487978)"; flow:established,from_client; content:"GET"; http_method; content:"/tukiiq9/assertive/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487978/; classtype:trojan-activity;sid:84351078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487972)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487972/; classtype:trojan-activity;sid:84351072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487966)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487966/; classtype:trojan-activity;sid:84351066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487969)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487969/; classtype:trojan-activity;sid:84351069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487964)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487964/; classtype:trojan-activity;sid:84351064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487958)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487958/; classtype:trojan-activity;sid:84351058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487962)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487962/; classtype:trojan-activity;sid:84351062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487948)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487948/; classtype:trojan-activity;sid:84351048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487951)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487951/; classtype:trojan-activity;sid:84351051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487945)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487945/; classtype:trojan-activity;sid:84351045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487941)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487941/; classtype:trojan-activity;sid:84351041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487942)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487942/; classtype:trojan-activity;sid:84351042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487940)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487940/; classtype:trojan-activity;sid:84351040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487938)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v1.0/app.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487938/; classtype:trojan-activity;sid:84351038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487933)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487933/; classtype:trojan-activity;sid:84351033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487934)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487934/; classtype:trojan-activity;sid:84351034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487932)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487932/; classtype:trojan-activity;sid:84351032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487925)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487925/; classtype:trojan-activity;sid:84351025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487926)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487926/; classtype:trojan-activity;sid:84351026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487924)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487924/; classtype:trojan-activity;sid:84351024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487923)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487923/; classtype:trojan-activity;sid:84351023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487917)"; flow:established,from_client; content:"GET"; http_method; content:"/kayden2024/aida64-extreme-free/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487917/; classtype:trojan-activity;sid:84351017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487919)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487919/; classtype:trojan-activity;sid:84351019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487912)"; flow:established,from_client; content:"GET"; http_method; content:"/envility/pic18f56q24-cnano-8bit-mdfu-solution-mplab-mcc/releases/download/v2.0/software.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487912/; classtype:trojan-activity;sid:84351012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487913)"; flow:established,from_client; content:"GET"; http_method; content:"/kayden2024/aida64-extreme-free/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487913/; classtype:trojan-activity;sid:84351013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487914)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487914/; classtype:trojan-activity;sid:84351014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487907)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487907/; classtype:trojan-activity;sid:84351007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487908)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487908/; classtype:trojan-activity;sid:84351008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487910)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487910/; classtype:trojan-activity;sid:84351010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487911)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487911/; classtype:trojan-activity;sid:84351011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487357)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487357/; classtype:trojan-activity;sid:84350457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487239)"; flow:established,from_client; content:"GET"; http_method; content:"/uelenka/supreme-spork/refs/heads/main/runtimebroker.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487239/; classtype:trojan-activity;sid:84350339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487088)"; flow:established,from_client; content:"GET"; http_method; content:"/sasikaanoj/roblox-fisch-script/releases/download/v2.0.4/robloxfischscript_v204.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487088/; classtype:trojan-activity;sid:84350188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487083)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487083/; classtype:trojan-activity;sid:84350183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487080)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487080/; classtype:trojan-activity;sid:84350180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487082)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487082/; classtype:trojan-activity;sid:84350182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.196.99.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486789/; classtype:trojan-activity;sid:84349889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.18.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486773/; classtype:trojan-activity;sid:84349873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486751)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.52.157.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486751/; classtype:trojan-activity;sid:84349851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486183)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486183/; classtype:trojan-activity;sid:84349283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486174)"; flow:established,from_client; content:"GET"; http_method; content:"/wearetuanmuda/gta-5-mod-menu-2025/releases/download/v1.4.2/gta.5.mod.menu.2025.v1.4.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486174/; classtype:trojan-activity;sid:84349274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486175)"; flow:established,from_client; content:"GET"; http_method; content:"/potatowearsyeeezye/gta-5-mod-menu-2025/releases/download/3.7.2/gta-5-mod-menu-2025-v3.7.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486175/; classtype:trojan-activity;sid:84349275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485488)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.83.174.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485488/; classtype:trojan-activity;sid:84348588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485379)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.34.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485379/; classtype:trojan-activity;sid:84348479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485218)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1skqylauso-qyfwv8cpo2eztn_g9hsqpp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485218/; classtype:trojan-activity;sid:84348318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485210)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v1.0/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485210/; classtype:trojan-activity;sid:84348310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485211)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485211/; classtype:trojan-activity;sid:84348311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485212)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485212/; classtype:trojan-activity;sid:84348312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485215)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485215/; classtype:trojan-activity;sid:84348315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485198)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485198/; classtype:trojan-activity;sid:84348298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485202)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485202/; classtype:trojan-activity;sid:84348302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485203)"; flow:established,from_client; content:"GET"; http_method; content:"/tintermet/argon-executor-25/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485203/; classtype:trojan-activity;sid:84348303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485206)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485206/; classtype:trojan-activity;sid:84348306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485207)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485207/; classtype:trojan-activity;sid:84348307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485208)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485208/; classtype:trojan-activity;sid:84348308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485194)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/synapsez-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485194/; classtype:trojan-activity;sid:84348294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485152)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ljeur3nyyghkno8rpr3djlli3fpp6rpq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485152/; classtype:trojan-activity;sid:84348252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485154)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kzbxe0sxh2nekdwfbbrvyzg6vsu-nmci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485154/; classtype:trojan-activity;sid:84348254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485140)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485140/; classtype:trojan-activity;sid:84348240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485118)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485118/; classtype:trojan-activity;sid:84348218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485114)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485114/; classtype:trojan-activity;sid:84348214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485116)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485116/; classtype:trojan-activity;sid:84348216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485112)"; flow:established,from_client; content:"GET"; http_method; content:"/filipxvz/roblox-synapse/releases/download/v1.6.2/roblox.synapse.v1.6.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485112/; classtype:trojan-activity;sid:84348212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485111)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485111/; classtype:trojan-activity;sid:84348211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.axhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484605/; classtype:trojan-activity;sid:84347705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"axhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484614/; classtype:trojan-activity;sid:84347714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484561/; classtype:trojan-activity;sid:84347661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484565/; classtype:trojan-activity;sid:84347665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484570/; classtype:trojan-activity;sid:84347670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484576/; classtype:trojan-activity;sid:84347676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484546)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484546/; classtype:trojan-activity;sid:84347646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484479)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484479/; classtype:trojan-activity;sid:84347579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484480)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484480/; classtype:trojan-activity;sid:84347580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484481)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484481/; classtype:trojan-activity;sid:84347581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484482)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v2.0/program.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484482/; classtype:trojan-activity;sid:84347582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484483)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484483/; classtype:trojan-activity;sid:84347583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484484)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484484/; classtype:trojan-activity;sid:84347584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484485)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484485/; classtype:trojan-activity;sid:84347585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484474)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484474/; classtype:trojan-activity;sid:84347574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484476)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484476/; classtype:trojan-activity;sid:84347576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484478)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484478/; classtype:trojan-activity;sid:84347578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484467)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484467/; classtype:trojan-activity;sid:84347567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484468)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484468/; classtype:trojan-activity;sid:84347568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484469)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484469/; classtype:trojan-activity;sid:84347569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484470)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484470/; classtype:trojan-activity;sid:84347570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484466)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484466/; classtype:trojan-activity;sid:84347566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484461)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484461/; classtype:trojan-activity;sid:84347561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483994)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483994/; classtype:trojan-activity;sid:84347094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483996)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483996/; classtype:trojan-activity;sid:84347096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483997)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483997/; classtype:trojan-activity;sid:84347097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483999)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483999/; classtype:trojan-activity;sid:84347099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484000)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484000/; classtype:trojan-activity;sid:84347100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484001)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484001/; classtype:trojan-activity;sid:84347101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484002)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484002/; classtype:trojan-activity;sid:84347102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484003)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484003/; classtype:trojan-activity;sid:84347103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484004)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484004/; classtype:trojan-activity;sid:84347104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484005)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484005/; classtype:trojan-activity;sid:84347105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484006)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484006/; classtype:trojan-activity;sid:84347106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484007)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484007/; classtype:trojan-activity;sid:84347107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483988)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483988/; classtype:trojan-activity;sid:84347088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483989)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483989/; classtype:trojan-activity;sid:84347089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483990)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483990/; classtype:trojan-activity;sid:84347090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483991)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483991/; classtype:trojan-activity;sid:84347091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483992)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483992/; classtype:trojan-activity;sid:84347092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483987)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483987/; classtype:trojan-activity;sid:84347087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483985)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483985/; classtype:trojan-activity;sid:84347085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483986)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483986/; classtype:trojan-activity;sid:84347086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483983)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483983/; classtype:trojan-activity;sid:84347083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483981)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483981/; classtype:trojan-activity;sid:84347081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483982)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483982/; classtype:trojan-activity;sid:84347082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483978)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483978/; classtype:trojan-activity;sid:84347078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483323)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t_h_eu-5meupkkfv3hodgoedmavqmpit"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483323/; classtype:trojan-activity;sid:84346423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483320)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhxdzqg5lkzllr_-c0tgrhpjvihp25ji"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483320/; classtype:trojan-activity;sid:84346420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483316)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hau14yej_4avfjuhym_bme4icvx1nqgq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483316/; classtype:trojan-activity;sid:84346416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483310)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuuhgyp5h960nq0lytu0zaxialb78byb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483310/; classtype:trojan-activity;sid:84346410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10yn0gknsk0hopi5eyv9vxkxxvmwi9k4u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483308/; classtype:trojan-activity;sid:84346408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483034)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483034/; classtype:trojan-activity;sid:84346134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483030)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483030/; classtype:trojan-activity;sid:84346130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483023)"; flow:established,from_client; content:"GET"; http_method; content:"/solodeveloperop/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483023/; classtype:trojan-activity;sid:84346123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483025)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v1.0/executor.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483025/; classtype:trojan-activity;sid:84346125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483026)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/2.9.9-alpha.2/roblox.celery.2.9.9.alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483026/; classtype:trojan-activity;sid:84346126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483027)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483027/; classtype:trojan-activity;sid:84346127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483028)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483028/; classtype:trojan-activity;sid:84346128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483029)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483029/; classtype:trojan-activity;sid:84346129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483018)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483018/; classtype:trojan-activity;sid:84346118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483019)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483019/; classtype:trojan-activity;sid:84346119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483020)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483020/; classtype:trojan-activity;sid:84346120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483021)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483021/; classtype:trojan-activity;sid:84346121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483017)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483017/; classtype:trojan-activity;sid:84346117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483015)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483015/; classtype:trojan-activity;sid:84346115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483014)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483014/; classtype:trojan-activity;sid:84346114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483008)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483008/; classtype:trojan-activity;sid:84346108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483006)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483006/; classtype:trojan-activity;sid:84346106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482333)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482333/; classtype:trojan-activity;sid:84345433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482343)"; flow:established,from_client; content:"GET"; http_method; content:"/neffriana/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482343/; classtype:trojan-activity;sid:84345443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482330)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482330/; classtype:trojan-activity;sid:84345430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482259)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/xundfaxgnsp84.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.luuk-lifestyle.eu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482259/; classtype:trojan-activity;sid:84345359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482102)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sharegolem.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482102/; classtype:trojan-activity;sid:84345202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481604/; classtype:trojan-activity;sid:84344704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.159.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481603/; classtype:trojan-activity;sid:84344703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481138)"; flow:established,from_client; content:"GET"; http_method; content:"/6354/70534a410169b51c914e9ac9ca318c73/skidanov2017.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481138/; classtype:trojan-activity;sid:84344238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480320)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480320/; classtype:trojan-activity;sid:84343420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"crtjpanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480289/; classtype:trojan-activity;sid:84343389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480279)"; flow:established,from_client; content:"GET"; http_method; content:"/pig85236/45k-udemy-course-wordpress-posts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480279/; classtype:trojan-activity;sid:84343379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480277)"; flow:established,from_client; content:"GET"; http_method; content:"/gwynelan/linux-basics-for-hackers/releases/download/v2.1.2/linux-basics-for-hackers-v2.1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480277/; classtype:trojan-activity;sid:84343377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanatapn/postman-api-client-setup/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480278/; classtype:trojan-activity;sid:84343378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480271)"; flow:established,from_client; content:"GET"; http_method; content:"/yusen0820/linux-basics-for-hackers/releases/download/v2.6.9/linux-basics-for-hackers-v2.6.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480271/; classtype:trojan-activity;sid:84343371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480273)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480273/; classtype:trojan-activity;sid:84343373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480275)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480275/; classtype:trojan-activity;sid:84343375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480276)"; flow:established,from_client; content:"GET"; http_method; content:"/matezk1/rufus-bootable-usb-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480276/; classtype:trojan-activity;sid:84343376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480269)"; flow:established,from_client; content:"GET"; http_method; content:"/erichoang2809/rivals-script/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480269/; classtype:trojan-activity;sid:84343369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480264)"; flow:established,from_client; content:"GET"; http_method; content:"/basha2247/driver-booster-pro-installer-2025/releases/download/v1.6.7/driver.booster.pro.installer.2025.v1.6.7.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480264/; classtype:trojan-activity;sid:84343364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480265)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480265/; classtype:trojan-activity;sid:84343365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480243)"; flow:established,from_client; content:"GET"; http_method; content:"/monggosporlyp/circlexo/releases/download/v1.2/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480243/; classtype:trojan-activity;sid:84343343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480244)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/3.8.2/roblox.celery.3.8.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480244/; classtype:trojan-activity;sid:84343344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480245)"; flow:established,from_client; content:"GET"; http_method; content:"/mynameisbenja/metodis_bot/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480245/; classtype:trojan-activity;sid:84343345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480236)"; flow:established,from_client; content:"GET"; http_method; content:"/vixiecheatz/free-lita-raider/releases/download/v3.4.1/free-lita-raider-v3.4.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480236/; classtype:trojan-activity;sid:84343336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480239)"; flow:established,from_client; content:"GET"; http_method; content:"/gnascimento10/roblox-beaming-tool/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480239/; classtype:trojan-activity;sid:84343339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480241)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmartinsk/atlant_bot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480241/; classtype:trojan-activity;sid:84343341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479407)"; flow:established,from_client; content:"GET"; http_method; content:"/john22-cell/codex-roblox-2025/releases/download/v1.3.0/codex.roblox.sunset.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479407/; classtype:trojan-activity;sid:84342507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479330)"; flow:established,from_client; content:"GET"; http_method; content:"/arcnassss/roblox/releases/download/v2.5.9/roblox_v2.5.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479330/; classtype:trojan-activity;sid:84342430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479331)"; flow:established,from_client; content:"GET"; http_method; content:"/nightlant/krnl-executor/releases/download/2.7.3/krnl-executor-2.7.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479331/; classtype:trojan-activity;sid:84342431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479332)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479332/; classtype:trojan-activity;sid:84342432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479334)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479334/; classtype:trojan-activity;sid:84342434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479335)"; flow:established,from_client; content:"GET"; http_method; content:"/walter2016/krnl-lua-script-injector-for-roblox-game-development/releases/download/v1.3.4/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479335/; classtype:trojan-activity;sid:84342435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479336)"; flow:established,from_client; content:"GET"; http_method; content:"/giangnewbie/jjsploit/releases/download/v1.0.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479336/; classtype:trojan-activity;sid:84342436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479329)"; flow:established,from_client; content:"GET"; http_method; content:"/enderrobohd/codex-roblox-2025/releases/download/2.1.7/codex.roblox.2025.version.2.1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479329/; classtype:trojan-activity;sid:84342429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479326)"; flow:established,from_client; content:"GET"; http_method; content:"/breezygenerator/roblox-synapse/releases/download/semimonster/roblox.synapse.semimonster.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479326/; classtype:trojan-activity;sid:84342426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479322)"; flow:established,from_client; content:"GET"; http_method; content:"/xtone12/roblox-celery/releases/download/v3.3.6/roblox.celery.v3.3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479322/; classtype:trojan-activity;sid:84342422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479323)"; flow:established,from_client; content:"GET"; http_method; content:"/hellochat00000/roblox-fisch-script/releases/download/1.1.5-beta.5/roblox-fisch-script-1.1.5-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479323/; classtype:trojan-activity;sid:84342423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479325)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479325/; classtype:trojan-activity;sid:84342425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479321)"; flow:established,from_client; content:"GET"; http_method; content:"/ainulgaming/bypass-hwid-spoofer/releases/download/v1.3.6/slidesharedownloader_v2.3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479321/; classtype:trojan-activity;sid:84342421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafetrack.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479159/; classtype:trojan-activity;sid:84342259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxstealthnet.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479154/; classtype:trojan-activity;sid:84342254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxaquarius.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479152/; classtype:trojan-activity;sid:84342252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.9.87.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478732/; classtype:trojan-activity;sid:84341832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.73.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478613/; classtype:trojan-activity;sid:84341713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.109.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478512/; classtype:trojan-activity;sid:84341612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.45.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478495/; classtype:trojan-activity;sid:84341595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478498/; classtype:trojan-activity;sid:84341598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477548/; classtype:trojan-activity;sid:84340648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortifypro.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477468/; classtype:trojan-activity;sid:84340568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardshift.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477469/; classtype:trojan-activity;sid:84340569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxnexguard.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477470/; classtype:trojan-activity;sid:84340570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsentinelx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477460/; classtype:trojan-activity;sid:84340560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafecrypt.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477462/; classtype:trojan-activity;sid:84340562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"axhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477453/; classtype:trojan-activity;sid:84340553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsecuregate.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477457/; classtype:trojan-activity;sid:84340557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477302/; classtype:trojan-activity;sid:84340402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.wtshelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477305/; classtype:trojan-activity;sid:84340405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477161/; classtype:trojan-activity;sid:84340261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477157/; classtype:trojan-activity;sid:84340257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476822)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicaynone/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476822/; classtype:trojan-activity;sid:84339922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475899)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475899/; classtype:trojan-activity;sid:84338999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475896)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475896/; classtype:trojan-activity;sid:84338996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475655)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475655/; classtype:trojan-activity;sid:84338755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475653)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475653/; classtype:trojan-activity;sid:84338753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475643)"; flow:established,from_client; content:"GET"; http_method; content:"/itsuzerz/evon-executor/releases/download/v2.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475643/; classtype:trojan-activity;sid:84338743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475647)"; flow:established,from_client; content:"GET"; http_method; content:"/andreh219/freeflux/releases/download/v2.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475647/; classtype:trojan-activity;sid:84338747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475650)"; flow:established,from_client; content:"GET"; http_method; content:"/noob123-art/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475650/; classtype:trojan-activity;sid:84338750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475625)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475625/; classtype:trojan-activity;sid:84338725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475626)"; flow:established,from_client; content:"GET"; http_method; content:"/progamer912-commits/dayz-cheat-h4ck-a1mb0t/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475626/; classtype:trojan-activity;sid:84338726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475627)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475627/; classtype:trojan-activity;sid:84338727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475628)"; flow:established,from_client; content:"GET"; http_method; content:"/superoidaa/fixing-error-0x803f8001/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475628/; classtype:trojan-activity;sid:84338728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475629)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475629/; classtype:trojan-activity;sid:84338729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475634)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475634/; classtype:trojan-activity;sid:84338734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475640)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisgod/projectzomboidmodmenu/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475640/; classtype:trojan-activity;sid:84338740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggggddjh/fixing-error-0xc0000142/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475641/; classtype:trojan-activity;sid:84338741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475614)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475614/; classtype:trojan-activity;sid:84338714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475616)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v3.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475616/; classtype:trojan-activity;sid:84338716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475621)"; flow:established,from_client; content:"GET"; http_method; content:"/godsetup/aspx-gh0st-executor/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475621/; classtype:trojan-activity;sid:84338721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475613)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475613/; classtype:trojan-activity;sid:84338713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475604)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475604/; classtype:trojan-activity;sid:84338704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474916)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474916/; classtype:trojan-activity;sid:84338016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474919)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474919/; classtype:trojan-activity;sid:84338019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474822)"; flow:established,from_client; content:"GET"; http_method; content:"/phucthieul/gta-5-mod-menu-2025/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474822/; classtype:trojan-activity;sid:84337922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474824)"; flow:established,from_client; content:"GET"; http_method; content:"/rock-op123/athena-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474824/; classtype:trojan-activity;sid:84337924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474802)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474802/; classtype:trojan-activity;sid:84337902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474803)"; flow:established,from_client; content:"GET"; http_method; content:"/micheldouglas/roexec-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474803/; classtype:trojan-activity;sid:84337903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474805)"; flow:established,from_client; content:"GET"; http_method; content:"/okallo123/roblox-faxi-macro/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474805/; classtype:trojan-activity;sid:84337905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474806)"; flow:established,from_client; content:"GET"; http_method; content:"/tintermet/argon-executor-25/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474806/; classtype:trojan-activity;sid:84337906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474809)"; flow:established,from_client; content:"GET"; http_method; content:"/meshmod/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474809/; classtype:trojan-activity;sid:84337909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474810)"; flow:established,from_client; content:"GET"; http_method; content:"/batman00md/roblox-fisch-script/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474810/; classtype:trojan-activity;sid:84337910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474813)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474813/; classtype:trojan-activity;sid:84337913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474819)"; flow:established,from_client; content:"GET"; http_method; content:"/kaykycampos/gta-benchmark/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474819/; classtype:trojan-activity;sid:84337919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474820)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474820/; classtype:trojan-activity;sid:84337920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474758)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474758/; classtype:trojan-activity;sid:84337858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474759)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474759/; classtype:trojan-activity;sid:84337859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474760)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474760/; classtype:trojan-activity;sid:84337860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474750)"; flow:established,from_client; content:"GET"; http_method; content:"/pixxxxxss/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474750/; classtype:trojan-activity;sid:84337850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474738)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474738/; classtype:trojan-activity;sid:84337838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474740)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474740/; classtype:trojan-activity;sid:84337840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474742)"; flow:established,from_client; content:"GET"; http_method; content:"/newgenmightywarrior/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474742/; classtype:trojan-activity;sid:84337842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474743)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474743/; classtype:trojan-activity;sid:84337843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474744)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474744/; classtype:trojan-activity;sid:84337844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474745)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474745/; classtype:trojan-activity;sid:84337845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474746)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvicthor/argon-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474746/; classtype:trojan-activity;sid:84337846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473781)"; flow:established,from_client; content:"GET"; http_method; content:"/seltarrx/vite-react-project-setup-scripts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473781/; classtype:trojan-activity;sid:84336881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473782)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473782/; classtype:trojan-activity;sid:84336882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473783)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473783/; classtype:trojan-activity;sid:84336883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473765)"; flow:established,from_client; content:"GET"; http_method; content:"/xterminatordenuci/optimiseur-de-slug-url/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473765/; classtype:trojan-activity;sid:84336865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab-ff/multi-bit-comparator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473768/; classtype:trojan-activity;sid:84336868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473770)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473770/; classtype:trojan-activity;sid:84336870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473771)"; flow:established,from_client; content:"GET"; http_method; content:"/hambez/stm32-imu-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473771/; classtype:trojan-activity;sid:84336871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473775)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/roblox-synapse/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473775/; classtype:trojan-activity;sid:84336875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473778)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefmasoud19999/instagram-auto-liker/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473778/; classtype:trojan-activity;sid:84336878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473085/; classtype:trojan-activity;sid:84336185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472771)"; flow:established,from_client; content:"GET"; http_method; content:"/ujkflzer45sc0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472771/; classtype:trojan-activity;sid:84335871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472068)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/prod.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472068/; classtype:trojan-activity;sid:84335168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472065)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/toke.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472065/; classtype:trojan-activity;sid:84335165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472066)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/si.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472066/; classtype:trojan-activity;sid:84335166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472063)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/bea.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472063/; classtype:trojan-activity;sid:84335163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471988)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/fup/uploads/drgdf.hgfg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.blackhost.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471988/; classtype:trojan-activity;sid:84335088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.20.230.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471621/; classtype:trojan-activity;sid:84334721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470671)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1728896464326/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470671/; classtype:trojan-activity;sid:84333771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470670)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741169086388/3.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470670/; classtype:trojan-activity;sid:84333770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470668)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741001373486/7.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470668/; classtype:trojan-activity;sid:84333768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469685/; classtype:trojan-activity;sid:84332785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.163.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468511/; classtype:trojan-activity;sid:84331611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468385/; classtype:trojan-activity;sid:84331485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467530)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220125031952if_/https://uploads.strikinglycdn.com/files/8318c966-e52a-40ef-94e6-45f59a0c5fd2/7093784418.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467530/; classtype:trojan-activity;sid:84330630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.146.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466683/; classtype:trojan-activity;sid:84329783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466488)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100if_/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466488/; classtype:trojan-activity;sid:84329588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466395)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466395/; classtype:trojan-activity;sid:84329495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466088)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120190836if_/https://uploads.strikinglycdn.com/files/b0540ac5-815e-4909-8298-84c9806edce8/9652748319.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466088/; classtype:trojan-activity;sid:84329188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465811)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20231202090504if_/https://img1.wsimg.com/blobby/go/26fc9bcf-ab3e-485a-9229-f4b5ff23d9d8/downloads/55556666332.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465811/; classtype:trojan-activity;sid:84328911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465688)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20230531145313if_/http://img1.wsimg.com/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465688/; classtype:trojan-activity;sid:84328788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465211)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2jdrds0cimrw3ypjrguvfl-cfsu0vkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465211/; classtype:trojan-activity;sid:84328311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464250)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464250/; classtype:trojan-activity;sid:84327350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464258)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464258/; classtype:trojan-activity;sid:84327358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464239)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464239/; classtype:trojan-activity;sid:84327339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464227)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464227/; classtype:trojan-activity;sid:84327327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464216)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464216/; classtype:trojan-activity;sid:84327316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464196)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464196/; classtype:trojan-activity;sid:84327296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464193)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464193/; classtype:trojan-activity;sid:84327293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464147)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464147/; classtype:trojan-activity;sid:84327247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.216.55.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462442/; classtype:trojan-activity;sid:84325542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e5500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce300c3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e6500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461597)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461597/; classtype:trojan-activity;sid:84324697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461595)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461595/; classtype:trojan-activity;sid:84324695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461596)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461596/; classtype:trojan-activity;sid:84324696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461590)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461590/; classtype:trojan-activity;sid:84324690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461591)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461591/; classtype:trojan-activity;sid:84324691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461592)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461592/; classtype:trojan-activity;sid:84324692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461593)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461593/; classtype:trojan-activity;sid:84324693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461342/; classtype:trojan-activity;sid:84324442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460685)"; flow:established,from_client; content:"GET"; http_method; content:"/gwyiomi/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460685/; classtype:trojan-activity;sid:84323785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.62.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459820)"; flow:established,from_client; content:"GET"; http_method; content:"/kaidopack/mod-gta5/releases/download/v3.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459820/; classtype:trojan-activity;sid:84322920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459821)"; flow:established,from_client; content:"GET"; http_method; content:"/kachinimin/mod-gta5/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459821/; classtype:trojan-activity;sid:84322921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459822)"; flow:established,from_client; content:"GET"; http_method; content:"/micahchue/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459822/; classtype:trojan-activity;sid:84322922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459816)"; flow:established,from_client; content:"GET"; http_method; content:"/skygodhee1/spoofer-hwid-game/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459816/; classtype:trojan-activity;sid:84322916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459818)"; flow:established,from_client; content:"GET"; http_method; content:"/burlador31/mod-gta5/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459818/; classtype:trojan-activity;sid:84322918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459714)"; flow:established,from_client; content:"GET"; http_method; content:"/sweaty27/roblox-bunni-executor/releases/download/v3.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459714/; classtype:trojan-activity;sid:84322814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459660)"; flow:established,from_client; content:"GET"; http_method; content:"/joseber1/bioguard-hwid-spoofer-hwid-changer-bios-cpu/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459660/; classtype:trojan-activity;sid:84322760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3453055)"; flow:established,from_client; content:"GET"; http_method; content:"/cet/aduna"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3453055/; classtype:trojan-activity;sid:84316155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451985)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a147182cc7fab317ca1d96d380f536cb/skidmore1987.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451985/; classtype:trojan-activity;sid:84315085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450048)"; flow:established,from_client; content:"GET"; http_method; content:"/continue/45.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.benshamcentre.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450048/; classtype:trojan-activity;sid:84313148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449169/; classtype:trojan-activity;sid:84312269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449116)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449116/; classtype:trojan-activity;sid:84312216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449117)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449117/; classtype:trojan-activity;sid:84312217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449120)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449120/; classtype:trojan-activity;sid:84312220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449121)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449121/; classtype:trojan-activity;sid:84312221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449122)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449122/; classtype:trojan-activity;sid:84312222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448910/; classtype:trojan-activity;sid:84312010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448748)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448748/; classtype:trojan-activity;sid:84311848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448167)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a4a27c4e516fb1d80cd91f413c7599f3/soravit2012.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448167/; classtype:trojan-activity;sid:84311267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447805)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.34.66.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447805/; classtype:trojan-activity;sid:84310905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447672/; classtype:trojan-activity;sid:84310772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446449)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446449/; classtype:trojan-activity;sid:84309549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.44.75.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446416/; classtype:trojan-activity;sid:84309516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445449)"; flow:established,from_client; content:"GET"; http_method; content:"/tarefa.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445449/; classtype:trojan-activity;sid:84308549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.204.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444326)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444326/; classtype:trojan-activity;sid:84307426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444279/; classtype:trojan-activity;sid:84307379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443831)"; flow:established,from_client; content:"GET"; http_method; content:"/okfgjrg5d8gt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443831/; classtype:trojan-activity;sid:84306931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443410)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/down.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443410/; classtype:trojan-activity;sid:84306510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443409)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/taslogin.log"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443409/; classtype:trojan-activity;sid:84306509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/tasloginbase.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443408/; classtype:trojan-activity;sid:84306508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442703)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/update.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442703/; classtype:trojan-activity;sid:84305803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442259)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.56.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442259/; classtype:trojan-activity;sid:84305359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442232)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442232/; classtype:trojan-activity;sid:84305332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442091)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/c8ab945ac1a0ab1d3c22616f6babff1a/sorahan1984.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442091/; classtype:trojan-activity;sid:84305191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441868/; classtype:trojan-activity;sid:84304968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441869/; classtype:trojan-activity;sid:84304969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441864/; classtype:trojan-activity;sid:84304964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440185/; classtype:trojan-activity;sid:84303285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439088)"; flow:established,from_client; content:"GET"; http_method; content:"/6107/8404c3d00d8aee946bdf1c140c904799/sorandaru2016.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439088/; classtype:trojan-activity;sid:84302188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438629)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.154.18.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438629/; classtype:trojan-activity;sid:84301729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438570/; classtype:trojan-activity;sid:84301670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.44.174.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437561/; classtype:trojan-activity;sid:84300661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.244.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435087/; classtype:trojan-activity;sid:84298187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435080/; classtype:trojan-activity;sid:84298180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435075/; classtype:trojan-activity;sid:84298175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433346/; classtype:trojan-activity;sid:84296446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432232)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432232/; classtype:trojan-activity;sid:84295332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.83.158.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431396/; classtype:trojan-activity;sid:84294496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.54.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430225/; classtype:trojan-activity;sid:84293325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429405)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429405/; classtype:trojan-activity;sid:84292505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429401)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429401/; classtype:trojan-activity;sid:84292501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429400)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429400/; classtype:trojan-activity;sid:84292500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429393)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429393/; classtype:trojan-activity;sid:84292493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429395)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429395/; classtype:trojan-activity;sid:84292495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429396)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429396/; classtype:trojan-activity;sid:84292496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429386)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429386/; classtype:trojan-activity;sid:84292486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429387)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429387/; classtype:trojan-activity;sid:84292487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429389)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429389/; classtype:trojan-activity;sid:84292489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429384)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429384/; classtype:trojan-activity;sid:84292484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429385)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429385/; classtype:trojan-activity;sid:84292485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.18.93.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429304/; classtype:trojan-activity;sid:84292404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.107.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429307/; classtype:trojan-activity;sid:84292407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.221.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428055/; classtype:trojan-activity;sid:84291155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.41.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423102/; classtype:trojan-activity;sid:84286202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420607)"; flow:established,from_client; content:"GET"; http_method; content:"/update.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420607/; classtype:trojan-activity;sid:84283707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420539/; classtype:trojan-activity;sid:84283639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419869)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-mimikatz.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419869/; classtype:trojan-activity;sid:84282969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419503)"; flow:established,from_client; content:"GET"; http_method; content:"/coluich/yaf/refs/heads/main/windows12.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419503/; classtype:trojan-activity;sid:84282603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419506)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419506/; classtype:trojan-activity;sid:84282606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419494)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419494/; classtype:trojan-activity;sid:84282594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419481)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419481/; classtype:trojan-activity;sid:84282581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419485)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419485/; classtype:trojan-activity;sid:84282585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419338)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419338/; classtype:trojan-activity;sid:84282438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.171.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419140/; classtype:trojan-activity;sid:84282240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.32.249.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417858/; classtype:trojan-activity;sid:84280958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417840/; classtype:trojan-activity;sid:84280940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.31.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416676/; classtype:trojan-activity;sid:84279776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414047/; classtype:trojan-activity;sid:84277147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.39.139.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411863/; classtype:trojan-activity;sid:84274963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410398)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410398/; classtype:trojan-activity;sid:84273498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.176.252.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410382/; classtype:trojan-activity;sid:84273482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.40.61.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409427/; classtype:trojan-activity;sid:84272527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409421/; classtype:trojan-activity;sid:84272521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405172)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405172/; classtype:trojan-activity;sid:84268272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.26.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405112/; classtype:trojan-activity;sid:84268212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402177/; classtype:trojan-activity;sid:84265277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.152.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402136/; classtype:trojan-activity;sid:84265236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.70.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402149/; classtype:trojan-activity;sid:84265249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.252.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402128/; classtype:trojan-activity;sid:84265228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; content:"GET"; http_method; content:"/fxserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399425)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.5.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399425/; classtype:trojan-activity;sid:84262525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399423)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.123.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399423/; classtype:trojan-activity;sid:84262523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399393/; classtype:trojan-activity;sid:84262493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.154.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398654/; classtype:trojan-activity;sid:84261754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.11.121.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397523/; classtype:trojan-activity;sid:84260623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.20.59.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396428/; classtype:trojan-activity;sid:84259528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396430/; classtype:trojan-activity;sid:84259530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.87.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396418/; classtype:trojan-activity;sid:84259518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.31.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393601/; classtype:trojan-activity;sid:84256701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393148/; classtype:trojan-activity;sid:84256248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.185.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393010/; classtype:trojan-activity;sid:84256110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392682)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moonloaderupdate.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392682/; classtype:trojan-activity;sid:84255782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.32.249.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391819/; classtype:trojan-activity;sid:84254919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.251.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391671/; classtype:trojan-activity;sid:84254771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.8.112.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391592/; classtype:trojan-activity;sid:84254692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391455)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391455/; classtype:trojan-activity;sid:84254555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391429/; classtype:trojan-activity;sid:84254529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389226)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/wl3gtvgq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389226/; classtype:trojan-activity;sid:84252326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389223)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/dwppj74t.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389223/; classtype:trojan-activity;sid:84252323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389120)"; flow:established,from_client; content:"GET"; http_method; content:"/auda"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389120/; classtype:trojan-activity;sid:84252220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388949/; classtype:trojan-activity;sid:84252049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.117.75.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388873/; classtype:trojan-activity;sid:84251973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387830)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387830/; classtype:trojan-activity;sid:84250930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387782/; classtype:trojan-activity;sid:84250882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387787/; classtype:trojan-activity;sid:84250887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387788/; classtype:trojan-activity;sid:84250888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.55.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387790/; classtype:trojan-activity;sid:84250890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387702)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387702/; classtype:trojan-activity;sid:84250802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387697)"; flow:established,from_client; content:"GET"; http_method; content:"/intput.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.201.227.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387697/; classtype:trojan-activity;sid:84250797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"m-global.hksty.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385331/; classtype:trojan-activity;sid:84248431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382115)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382115/; classtype:trojan-activity;sid:84245215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380950/; classtype:trojan-activity;sid:84244050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.198.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380934/; classtype:trojan-activity;sid:84244034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378986/; classtype:trojan-activity;sid:84242086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.18.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378961/; classtype:trojan-activity;sid:84242061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378954/; classtype:trojan-activity;sid:84242054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.139.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378580/; classtype:trojan-activity;sid:84241680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378323)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378323/; classtype:trojan-activity;sid:84241423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373507/; classtype:trojan-activity;sid:84236607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373506/; classtype:trojan-activity;sid:84236606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.0.204.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373504/; classtype:trojan-activity;sid:84236604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373094/; classtype:trojan-activity;sid:84236194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373088/; classtype:trojan-activity;sid:84236188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.2.14.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373078/; classtype:trojan-activity;sid:84236178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373053/; classtype:trojan-activity;sid:84236153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373056/; classtype:trojan-activity;sid:84236156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373058/; classtype:trojan-activity;sid:84236158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373032/; classtype:trojan-activity;sid:84236132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373037/; classtype:trojan-activity;sid:84236137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373040/; classtype:trojan-activity;sid:84236140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373023/; classtype:trojan-activity;sid:84236123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.204.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373001/; classtype:trojan-activity;sid:84236101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372974/; classtype:trojan-activity;sid:84236074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372986/; classtype:trojan-activity;sid:84236086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372989/; classtype:trojan-activity;sid:84236089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372991/; classtype:trojan-activity;sid:84236091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.27.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372992/; classtype:trojan-activity;sid:84236092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372995/; classtype:trojan-activity;sid:84236095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372997/; classtype:trojan-activity;sid:84236097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372961/; classtype:trojan-activity;sid:84236061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.97.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372964/; classtype:trojan-activity;sid:84236064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; classtype:trojan-activity;sid:84236056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372940/; classtype:trojan-activity;sid:84236040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372941/; classtype:trojan-activity;sid:84236041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372947/; classtype:trojan-activity;sid:84236047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.180.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372901/; classtype:trojan-activity;sid:84236001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372881/; classtype:trojan-activity;sid:84235981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.101.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372691/; classtype:trojan-activity;sid:84235791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"133.106.109.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372688/; classtype:trojan-activity;sid:84235788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372686)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372686/; classtype:trojan-activity;sid:84235786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372655/; classtype:trojan-activity;sid:84235755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372620/; classtype:trojan-activity;sid:84235720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372622)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372622/; classtype:trojan-activity;sid:84235722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372123)"; flow:established,from_client; content:"GET"; http_method; content:"/112.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372123/; classtype:trojan-activity;sid:84235223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366250/; classtype:trojan-activity;sid:84229350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356754)"; flow:established,from_client; content:"GET"; http_method; content:"/documentations09.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"constrainthome080doc-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:59; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356754/; classtype:trojan-activity;sid:84219854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356752)"; flow:established,from_client; content:"GET"; http_method; content:"/onerive.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"onlinemicrosoft-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356752/; classtype:trojan-activity;sid:84219852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353402)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/refs/heads/main/imagelogger.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353402/; classtype:trojan-activity;sid:84216502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353397)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353397/; classtype:trojan-activity;sid:84216497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353304)"; flow:established,from_client; content:"GET"; http_method; content:"/koala/injek3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353304/; classtype:trojan-activity;sid:84216404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353293)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353293/; classtype:trojan-activity;sid:84216393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353254)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353254/; classtype:trojan-activity;sid:84216354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353237)"; flow:established,from_client; content:"GET"; http_method; content:"/out-encryptedscript.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353237/; classtype:trojan-activity;sid:84216337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353208/; classtype:trojan-activity;sid:84216308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353199)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/record"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353199/; classtype:trojan-activity;sid:84216299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353178)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353178/; classtype:trojan-activity;sid:84216278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%af%be%e4%bb%b6-%e7%ac%ac6%e8%af%be%e6%97%b6-910%e7%ab%a0%e8%8a%82.pptx"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353176/; classtype:trojan-activity;sid:84216276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%89%af%e6%9c%ac21.3%e8%93%9d%e9%98%9f%e6%8a%a4%e7%bd%91%e9%9d%a2%e8%af%95%e8%b5%84%e6%96%99210303.xlsx"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353174/; classtype:trojan-activity;sid:84216274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352856)"; flow:established,from_client; content:"GET"; http_method; content:"/ver/d.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352856/; classtype:trojan-activity;sid:84215956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352827)"; flow:established,from_client; content:"GET"; http_method; content:"/h3qq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352827/; classtype:trojan-activity;sid:84215927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352829)"; flow:established,from_client; content:"GET"; http_method; content:"/4kkr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352829/; classtype:trojan-activity;sid:84215929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352830)"; flow:established,from_client; content:"GET"; http_method; content:"/f4nu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352830/; classtype:trojan-activity;sid:84215930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352831)"; flow:established,from_client; content:"GET"; http_method; content:"/qpc9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352831/; classtype:trojan-activity;sid:84215931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352353)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/svhost.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352353/; classtype:trojan-activity;sid:84215453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351859)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351859/; classtype:trojan-activity;sid:84214959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351362)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/raw/refs/heads/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351362/; classtype:trojan-activity;sid:84214462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351275)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/raw/refs/heads/main/imagelogger.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351275/; classtype:trojan-activity;sid:84214375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349063)"; flow:established,from_client; content:"GET"; http_method; content:"/dzakc3wag/raw/upload/v1734112417/uploaded_textfile"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349063/; classtype:trojan-activity;sid:84212163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ydcoow9tkyo5_qfbdzcaqkd9hzdoug7o"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348000/; classtype:trojan-activity;sid:84211100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346031)"; flow:established,from_client; content:"GET"; http_method; content:"/templates1/js/mixitup.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"autoiwc.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346031/; classtype:trojan-activity;sid:84209131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339238/; classtype:trojan-activity;sid:84202338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339240/; classtype:trojan-activity;sid:84202340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339236/; classtype:trojan-activity;sid:84202336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339226/; classtype:trojan-activity;sid:84202326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339229/; classtype:trojan-activity;sid:84202329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339216/; classtype:trojan-activity;sid:84202316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339219/; classtype:trojan-activity;sid:84202319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339209/; classtype:trojan-activity;sid:84202309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339202/; classtype:trojan-activity;sid:84202302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.2.14.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339185/; classtype:trojan-activity;sid:84202285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.159.198.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339187/; classtype:trojan-activity;sid:84202287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339182/; classtype:trojan-activity;sid:84202282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339142/; classtype:trojan-activity;sid:84202242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339132/; classtype:trojan-activity;sid:84202232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339126/; classtype:trojan-activity;sid:84202226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"207.113.208.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339113/; classtype:trojan-activity;sid:84202213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339096/; classtype:trojan-activity;sid:84202196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339097)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339097/; classtype:trojan-activity;sid:84202197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339099/; classtype:trojan-activity;sid:84202199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339061/; classtype:trojan-activity;sid:84202161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"api.co-operativefinance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338936/; classtype:trojan-activity;sid:84202036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338920/; classtype:trojan-activity;sid:84202020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338856/; classtype:trojan-activity;sid:84201956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338755)"; flow:established,from_client; content:"GET"; http_method; content:"/l0venxn22/eulenmodmenu/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338755/; classtype:trojan-activity;sid:84201855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338570)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338570/; classtype:trojan-activity;sid:84201670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336060)"; flow:established,from_client; content:"GET"; http_method; content:"/snake/hack.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dangtienluc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336060/; classtype:trojan-activity;sid:84199160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335123)"; flow:established,from_client; content:"GET"; http_method; content:"/krepej/dubelya/s-shurupom/6-40-40-sht"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"m.bal-stroi.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335123/; classtype:trojan-activity;sid:84198223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335073)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/453903/wqc7f5s8lhm8mu0clzhwbl3lp|3f|token=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..kok-c08tg1sb0rkwxyurvg.7ptb2bey9etqrwrfe3gvzgp-gdctw-nokzbirrowi-iwjtdmjfntorattitqom-5eqrbhzpurovcmmmjxks4knjpxbahy0bahdwidwtu6cuucpoigdw4l9jv2px7wsngjqoqp_dy8fpl_1z6j2no0z_rrawi5g3dj3vggkr-wcthkncz5a8o6febbffjiyc7oij5okn6o4janis5qd7btxoqqitdsic5s2bduud6ozsfsdjsc54szpt2gg4zgz8iuag3pv4apwyt_eo-owc_8q.o9d2owtjtv0voyqxis2afq"; http_uri; depth:427; isdataat:!1,relative; nocase; content:"p20.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335073/; classtype:trojan-activity;sid:84198173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333279)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtdamhd5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333279/; classtype:trojan-activity;sid:84196379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332789)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332789/; classtype:trojan-activity;sid:84195889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331675)"; flow:established,from_client; content:"GET"; http_method; content:"/api/aq_course/app/v2/course/addstudylog/client_built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"agapi.cqjjb.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331675/; classtype:trojan-activity;sid:84194775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331654)"; flow:established,from_client; content:"GET"; http_method; content:"/themes/config_20.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"maxximbrasil.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331654/; classtype:trojan-activity;sid:84194754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331638)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331638/; classtype:trojan-activity;sid:84194738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331631)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/miniature-tribble/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331631/; classtype:trojan-activity;sid:84194731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331635)"; flow:established,from_client; content:"GET"; http_method; content:"/themes/config_20.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"maxximbrasil.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331635/; classtype:trojan-activity;sid:84194735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331582)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/heic.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"babayaga.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331582/; classtype:trojan-activity;sid:84194682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331502)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1unu9ydyxvbsgdas_xzewlzcaiv6o_qdt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331502/; classtype:trojan-activity;sid:84194602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331503)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3mrgxuzwdg46exhp6a71yeymlvrmabx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331503/; classtype:trojan-activity;sid:84194603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-wql_iua-mylu2kiuyz-ib-5ggjqjqqp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331489/; classtype:trojan-activity;sid:84194589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318596)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.193.202.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318596/; classtype:trojan-activity;sid:84181696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308876)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308876/; classtype:trojan-activity;sid:84171976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298019)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ocoi0oahx25brhh0btpcqyjrulc7s98u"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298019/; classtype:trojan-activity;sid:84161119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294906)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.114.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294906/; classtype:trojan-activity;sid:84158006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.33.239.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293525/; classtype:trojan-activity;sid:84156625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.57.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289469/; classtype:trojan-activity;sid:84152569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.177.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289462/; classtype:trojan-activity;sid:84152562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.28.177.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289464/; classtype:trojan-activity;sid:84152564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.64.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.251.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286367/; classtype:trojan-activity;sid:84149467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281278)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281278/; classtype:trojan-activity;sid:84144378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2d424qwn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; content:"GET"; http_method; content:"/new.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.67.4.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276828)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276828/; classtype:trojan-activity;sid:84139928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ae/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/bb.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272598)"; flow:established,from_client; content:"GET"; http_method; content:"/turitarefa.htm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272598/; classtype:trojan-activity;sid:84135698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272587)"; flow:established,from_client; content:"GET"; http_method; content:"/tarefab.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272587/; classtype:trojan-activity;sid:84135687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272565)"; flow:established,from_client; content:"GET"; http_method; content:"/tarefa2022.html"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272565/; classtype:trojan-activity;sid:84135665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272567)"; flow:established,from_client; content:"GET"; http_method; content:"/tarefa2.htm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272567/; classtype:trojan-activity;sid:84135667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272570)"; flow:established,from_client; content:"GET"; http_method; content:"/booking.htm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272570/; classtype:trojan-activity;sid:84135670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272572)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.htm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272572/; classtype:trojan-activity;sid:84135672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272574)"; flow:established,from_client; content:"GET"; http_method; content:"/tarefa.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272574/; classtype:trojan-activity;sid:84135674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272576)"; flow:established,from_client; content:"GET"; http_method; content:"/helper.html"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272576/; classtype:trojan-activity;sid:84135676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272579)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.html"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272579/; classtype:trojan-activity;sid:84135679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; content:"GET"; http_method; content:"/user337666/brow666/raw/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/cripting/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/net/net.xsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250891)"; flow:established,from_client; content:"GET"; http_method; content:"/peass-ng/peass-ng/releases/latest/download/linpeas.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250891/; classtype:trojan-activity;sid:84113991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243260)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/loader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"klar.gg"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243260/; classtype:trojan-activity;sid:84106360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242769)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/solr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242769/; classtype:trojan-activity;sid:84105869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241750)"; flow:established,from_client; content:"GET"; http_method; content:"/dns/pwer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241750/; classtype:trojan-activity;sid:84104850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paste.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238416)"; flow:established,from_client; content:"GET"; http_method; content:"/font/ddud.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"10086623.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238416/; classtype:trojan-activity;sid:84101516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.186.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hunt.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237850/; classtype:trojan-activity;sid:84100950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237851)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sexyrem"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237851/; classtype:trojan-activity;sid:84100951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237849)"; flow:established,from_client; content:"GET"; http_method; content:"/files/host.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237849/; classtype:trojan-activity;sid:84100949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236450)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236450/; classtype:trojan-activity;sid:84099550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236449)"; flow:established,from_client; content:"GET"; http_method; content:"/mvt/xmrig.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236449/; classtype:trojan-activity;sid:84099549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231923)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231923/; classtype:trojan-activity;sid:84095023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.221.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217778/; classtype:trojan-activity;sid:84080878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217131/; classtype:trojan-activity;sid:84080231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217096/; classtype:trojan-activity;sid:84080196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217099/; classtype:trojan-activity;sid:84080199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.211.219.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217039/; classtype:trojan-activity;sid:84080139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.122.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217038/; classtype:trojan-activity;sid:84080138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217033/; classtype:trojan-activity;sid:84080133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217010/; classtype:trojan-activity;sid:84080110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216993/; classtype:trojan-activity;sid:84080093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216921/; classtype:trojan-activity;sid:84080021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216892/; classtype:trojan-activity;sid:84079992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216877/; classtype:trojan-activity;sid:84079977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216865/; classtype:trojan-activity;sid:84079965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216832/; classtype:trojan-activity;sid:84079932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216795/; classtype:trojan-activity;sid:84079895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216769/; classtype:trojan-activity;sid:84079869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216738/; classtype:trojan-activity;sid:84079838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216723/; classtype:trojan-activity;sid:84079823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216717/; classtype:trojan-activity;sid:84079817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216687/; classtype:trojan-activity;sid:84079787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216661/; classtype:trojan-activity;sid:84079761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216634/; classtype:trojan-activity;sid:84079734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216604/; classtype:trojan-activity;sid:84079704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216511/; classtype:trojan-activity;sid:84079611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216517/; classtype:trojan-activity;sid:84079617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216520/; classtype:trojan-activity;sid:84079620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216531/; classtype:trojan-activity;sid:84079631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216487/; classtype:trojan-activity;sid:84079587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216465/; classtype:trojan-activity;sid:84079565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216422)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.29.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216422/; classtype:trojan-activity;sid:84079522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216398)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216398/; classtype:trojan-activity;sid:84079498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216348)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216348/; classtype:trojan-activity;sid:84079448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.163.234.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; classtype:trojan-activity;sid:84079409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215825/; classtype:trojan-activity;sid:84078925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215827/; classtype:trojan-activity;sid:84078927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215810/; classtype:trojan-activity;sid:84078910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215784/; classtype:trojan-activity;sid:84078884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215454/; classtype:trojan-activity;sid:84078554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.122.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215441/; classtype:trojan-activity;sid:84078541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215375/; classtype:trojan-activity;sid:84078475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.211.219.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215355/; classtype:trojan-activity;sid:84078455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3197279)"; flow:established,from_client; content:"GET"; http_method; content:"/dwinstall.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"58.23.215.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3197279/; classtype:trojan-activity;sid:84060379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3197121)"; flow:established,from_client; content:"GET"; http_method; content:"/downverysync.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"58.23.215.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3197121/; classtype:trojan-activity;sid:84060221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.22.21.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; content:"GET"; http_method; content:"/sq1mon-v.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; content:"GET"; http_method; content:"/library.so"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_lagacy.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; content:"GET"; http_method; content:"/cabbage.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190945)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190945/; classtype:trojan-activity;sid:84054045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190652)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190652/; classtype:trojan-activity;sid:84053752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190461)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190461/; classtype:trojan-activity;sid:84053561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190462)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190462/; classtype:trojan-activity;sid:84053562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190459)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190459/; classtype:trojan-activity;sid:84053559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190421)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.91.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190421/; classtype:trojan-activity;sid:84053521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190376)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190376/; classtype:trojan-activity;sid:84053476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182620)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182620/; classtype:trojan-activity;sid:84045720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3177088)"; flow:established,from_client; content:"GET"; http_method; content:"/game/qm2014chs.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.34.158.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3177088/; classtype:trojan-activity;sid:84040188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174891)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174891/; classtype:trojan-activity;sid:84037991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171542)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171542/; classtype:trojan-activity;sid:84034642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164816/; classtype:trojan-activity;sid:84027916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134057)"; flow:established,from_client; content:"GET"; http_method; content:"/cardpwd/cardpwd.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"58.23.215.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134057/; classtype:trojan-activity;sid:83997157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3119648)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spam-c273a.appspot.com/o/15-08-2024.jpg|3f|alt=media|7c|26|7c|token=dba912c0-e841-4225-ab88-8ba2612661e2"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3119648/; classtype:trojan-activity;sid:83982748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118765)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118765/; classtype:trojan-activity;sid:83981865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118728)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118728/; classtype:trojan-activity;sid:83981828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118721)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118721/; classtype:trojan-activity;sid:83981821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118722)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118722/; classtype:trojan-activity;sid:83981822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118723)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118723/; classtype:trojan-activity;sid:83981823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118724)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118724/; classtype:trojan-activity;sid:83981824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118725)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118725/; classtype:trojan-activity;sid:83981825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118726)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118726/; classtype:trojan-activity;sid:83981826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118727)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118727/; classtype:trojan-activity;sid:83981827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118690)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cn/351.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.243.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118690/; classtype:trojan-activity;sid:83981790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116247)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"boylegmfg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116247/; classtype:trojan-activity;sid:83979347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116246)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"boylegmfg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116246/; classtype:trojan-activity;sid:83979346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115660)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115660/; classtype:trojan-activity;sid:83978760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114844/; classtype:trojan-activity;sid:83977944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114845)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114845/; classtype:trojan-activity;sid:83977945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114776/; classtype:trojan-activity;sid:83977876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114775/; classtype:trojan-activity;sid:83977875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110511)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110511/; classtype:trojan-activity;sid:83973611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103508/; classtype:trojan-activity;sid:83966608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100465)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100465/; classtype:trojan-activity;sid:83963565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093518)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uypthvq0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093518/; classtype:trojan-activity;sid:83956618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093125)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093125/; classtype:trojan-activity;sid:83956225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092877)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.175.101.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092877/; classtype:trojan-activity;sid:83955977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092809)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rme3ibrb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092809/; classtype:trojan-activity;sid:83955909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092807)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a9he0f3w"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092807/; classtype:trojan-activity;sid:83955907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079718)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079718/; classtype:trojan-activity;sid:83942818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052730)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/srmaster-3e0e8.appspot.com/o/revenger.jpg|3f|alt=media|7c|26|7c|token=f4f35bff-72c6-4f56-ae67-ea2379366dd5"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052730/; classtype:trojan-activity;sid:83915830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947781)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/kolibri_corppro/kernel_main/kernel_main_v1.js"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"vodomer-service.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947781/; classtype:trojan-activity;sid:83810881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911224)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.207.44.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911224/; classtype:trojan-activity;sid:83774324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; content:"GET"; http_method; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"183.166.57.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.215.245.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870237)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cqtygpx9gdoywntprwub0xbckivif6iy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870237/; classtype:trojan-activity;sid:83733337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862520)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/varteyjw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862520/; classtype:trojan-activity;sid:83725620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862016)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862016/; classtype:trojan-activity;sid:83725116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861985)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861985/; classtype:trojan-activity;sid:83725085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861837)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861837/; classtype:trojan-activity;sid:83724937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861760)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861760/; classtype:trojan-activity;sid:83724860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861699)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861699/; classtype:trojan-activity;sid:83724799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861603)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861603/; classtype:trojan-activity;sid:83724703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.86.222.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859495/; classtype:trojan-activity;sid:83722595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857819)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.71.51.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857819/; classtype:trojan-activity;sid:83720919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857626/; classtype:trojan-activity;sid:83720726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857481/; classtype:trojan-activity;sid:83720581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843557)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/is2kceh3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843557/; classtype:trojan-activity;sid:83706657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842419/; classtype:trojan-activity;sid:83705519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"105.112.83.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842063/; classtype:trojan-activity;sid:83705163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841990/; classtype:trojan-activity;sid:83705090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841975)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.65.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841975/; classtype:trojan-activity;sid:83705075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841942/; classtype:trojan-activity;sid:83705042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841706/; classtype:trojan-activity;sid:83704806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.65.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841684/; classtype:trojan-activity;sid:83704784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.112.83.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841680/; classtype:trojan-activity;sid:83704780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841603/; classtype:trojan-activity;sid:83704703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841594/; classtype:trojan-activity;sid:83704694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841581/; classtype:trojan-activity;sid:83704681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828325)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828325/; classtype:trojan-activity;sid:83691425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"yahyacarpet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827186)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/plugins/user-private-files/shared/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vegasnights.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827186/; classtype:trojan-activity;sid:83690286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822891/; classtype:trojan-activity;sid:83685991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822865/; classtype:trojan-activity;sid:83685965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822872)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822872/; classtype:trojan-activity;sid:83685972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822791)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822791/; classtype:trojan-activity;sid:83685891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822731)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822731/; classtype:trojan-activity;sid:83685831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822715)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822715/; classtype:trojan-activity;sid:83685815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822661/; classtype:trojan-activity;sid:83685761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822632)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.227.22.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822632/; classtype:trojan-activity;sid:83685732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822538)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822538/; classtype:trojan-activity;sid:83685638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822429/; classtype:trojan-activity;sid:83685529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822373)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822373/; classtype:trojan-activity;sid:83685473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822357/; classtype:trojan-activity;sid:83685457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822346)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822346/; classtype:trojan-activity;sid:83685446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822331/; classtype:trojan-activity;sid:83685431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822318)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822318/; classtype:trojan-activity;sid:83685418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822270/; classtype:trojan-activity;sid:83685370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822239/; classtype:trojan-activity;sid:83685339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822218)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822218/; classtype:trojan-activity;sid:83685318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822096/; classtype:trojan-activity;sid:83685196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822001)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822001/; classtype:trojan-activity;sid:83685101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821965)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821965/; classtype:trojan-activity;sid:83685065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821918)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821918/; classtype:trojan-activity;sid:83685018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821803/; classtype:trojan-activity;sid:83684903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821744/; classtype:trojan-activity;sid:83684844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821627/; classtype:trojan-activity;sid:83684727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esa0xclp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818861/; classtype:trojan-activity;sid:83681961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818841/; classtype:trojan-activity;sid:83681941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818828/; classtype:trojan-activity;sid:83681928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.227.22.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818803/; classtype:trojan-activity;sid:83681903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"130.204.154.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818775/; classtype:trojan-activity;sid:83681875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818238/; classtype:trojan-activity;sid:83681338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814157)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/full-nelson.c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vulnfactory.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814157/; classtype:trojan-activity;sid:83677257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814096/; classtype:trojan-activity;sid:83677196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813791/; classtype:trojan-activity;sid:83676891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813112/; classtype:trojan-activity;sid:83676212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813092/; classtype:trojan-activity;sid:83676192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813026/; classtype:trojan-activity;sid:83676126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809229/; classtype:trojan-activity;sid:83672329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809145/; classtype:trojan-activity;sid:83672245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.155.192.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808960/; classtype:trojan-activity;sid:83672060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808938/; classtype:trojan-activity;sid:83672038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808903/; classtype:trojan-activity;sid:83672003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.101.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.21.120.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808871/; classtype:trojan-activity;sid:83671971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808839/; classtype:trojan-activity;sid:83671939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808766/; classtype:trojan-activity;sid:83671866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808718/; classtype:trojan-activity;sid:83671818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808619/; classtype:trojan-activity;sid:83671719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808535/; classtype:trojan-activity;sid:83671635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808512/; classtype:trojan-activity;sid:83671612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808518/; classtype:trojan-activity;sid:83671618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808417/; classtype:trojan-activity;sid:83671517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.187.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808399/; classtype:trojan-activity;sid:83671499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.0.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808363/; classtype:trojan-activity;sid:83671463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dkj56fnkcbsf3inlqszzm7vpvq3dmdl5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799350/; classtype:trojan-activity;sid:83662450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791440)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.187.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_24; reference:url, urlhaus.abuse.ch/url/2791440/; classtype:trojan-activity;sid:83654540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2779770)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.124.205.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2779770/; classtype:trojan-activity;sid:83642870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765616)"; flow:established,from_client; content:"GET"; http_method; content:"/css/down.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"computersupportexperts.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765616/; classtype:trojan-activity;sid:83628716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//projetodegente.com"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749055)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ez7mmq79ya6ldc_u2jomq6c9knccqpp2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749055/; classtype:trojan-activity;sid:83612155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748364)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bww1cavmcskehhqx7brpue_fhdwskt8r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748364/; classtype:trojan-activity;sid:83611464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747825)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qsyjsxwhb7iwskqztoyhzeipxcflq7xn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747825/; classtype:trojan-activity;sid:83610925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747823)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cvz7hgyqz31sjspj6d-a7aotyoj1pius"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747823/; classtype:trojan-activity;sid:83610923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747433)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zpmmtvzq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747433/; classtype:trojan-activity;sid:83610533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746751)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avmezmcr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_05; reference:url, urlhaus.abuse.ch/url/2746751/; classtype:trojan-activity;sid:83609851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746285)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v7jxrycp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746285/; classtype:trojan-activity;sid:83609385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745294)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fvia.id.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_30; reference:url, urlhaus.abuse.ch/url/2745294/; classtype:trojan-activity;sid:83608394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743463)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y7km_gygvbh13nkdf-k_5zzkcnnaxg36"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743463/; classtype:trojan-activity;sid:83606563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743459)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o5wwgpjwoka_quoqp1knccfi4ijeh9zk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743459/; classtype:trojan-activity;sid:83606559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1thfyivvkzpyrqfa60w9lymrzk-z6vvgy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742517/; classtype:trojan-activity;sid:83605617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741593)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.140.60.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_17; reference:url, urlhaus.abuse.ch/url/2741593/; classtype:trojan-activity;sid:83604693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736496)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736496/; classtype:trojan-activity;sid:83599596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731061)"; flow:established,from_client; content:"GET"; http_method; content:"/centro/index.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spst.hqup.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_15; reference:url, urlhaus.abuse.ch/url/2731061/; classtype:trojan-activity;sid:83594161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728799)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wfwtp8qn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_07; reference:url, urlhaus.abuse.ch/url/2728799/; classtype:trojan-activity;sid:83591899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726788)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ozzfkobmxw9pwbtscnlt-gooqqrlybq-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726788/; classtype:trojan-activity;sid:83589888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.192.203.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720988/; classtype:trojan-activity;sid:83584088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720935/; classtype:trojan-activity;sid:83584035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"130.204.154.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_10; reference:url, urlhaus.abuse.ch/url/2719113/; classtype:trojan-activity;sid:83582213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714668)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714668/; classtype:trojan-activity;sid:83577768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713983)"; flow:established,from_client; content:"GET"; http_method; content:"/zibr7/9ei"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.164.17.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713983/; classtype:trojan-activity;sid:83577083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2711386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_13; reference:url, urlhaus.abuse.ch/url/2711386/; classtype:trojan-activity;sid:83574486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704268/; classtype:trojan-activity;sid:83567368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2701777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tm63vbgu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_07; reference:url, urlhaus.abuse.ch/url/2701777/; classtype:trojan-activity;sid:83564877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2690396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_26; reference:url, urlhaus.abuse.ch/url/2690396/; classtype:trojan-activity;sid:83553496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2686558)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jc80ycae"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_20; reference:url, urlhaus.abuse.ch/url/2686558/; classtype:trojan-activity;sid:83549658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676029)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rr3hywgc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2676029/; classtype:trojan-activity;sid:83539129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2666937)"; flow:established,from_client; content:"GET"; http_method; content:"/t/rat.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tpp.tj"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_20; reference:url, urlhaus.abuse.ch/url/2666937/; classtype:trojan-activity;sid:83530037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2666936)"; flow:established,from_client; content:"GET"; http_method; content:"/t/file.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tpp.tj"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_20; reference:url, urlhaus.abuse.ch/url/2666936/; classtype:trojan-activity;sid:83530036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.192.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648633/; classtype:trojan-activity;sid:83511733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640385)"; flow:established,from_client; content:"GET"; http_method; content:"/qdasczxaxj/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"quickfixwebsite.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_05_24; reference:url, urlhaus.abuse.ch/url/2640385/; classtype:trojan-activity;sid:83503485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632434)"; flow:established,from_client; content:"GET"; http_method; content:"/xqqsou.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632434/; classtype:trojan-activity;sid:83495534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632435)"; flow:established,from_client; content:"GET"; http_method; content:"/jshggkofqk.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632435/; classtype:trojan-activity;sid:83495535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628180)"; flow:established,from_client; content:"GET"; http_method; content:"/jtnhsefe.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628180/; classtype:trojan-activity;sid:83491280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628183)"; flow:established,from_client; content:"GET"; http_method; content:"/btwvkpvlg.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628183/; classtype:trojan-activity;sid:83491283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628184)"; flow:established,from_client; content:"GET"; http_method; content:"/pepbg.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628184/; classtype:trojan-activity;sid:83491284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628185)"; flow:established,from_client; content:"GET"; http_method; content:"/gkxcfiyk.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628185/; classtype:trojan-activity;sid:83491285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2622777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1a5fq2ek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_05_02; reference:url, urlhaus.abuse.ch/url/2622777/; classtype:trojan-activity;sid:83485877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2619968)"; flow:established,from_client; content:"GET"; http_method; content:"/purple/rain.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fotosdepuebla.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_04_28; reference:url, urlhaus.abuse.ch/url/2619968/; classtype:trojan-activity;sid:83483068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617048)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617048/; classtype:trojan-activity;sid:83480148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617044)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617044/; classtype:trojan-activity;sid:83480144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617045)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617045/; classtype:trojan-activity;sid:83480145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617046)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617046/; classtype:trojan-activity;sid:83480146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617047)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617047/; classtype:trojan-activity;sid:83480147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617042)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617042/; classtype:trojan-activity;sid:83480142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617043)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617043/; classtype:trojan-activity;sid:83480143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615396/; classtype:trojan-activity;sid:83478496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615310/; classtype:trojan-activity;sid:83478410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615307)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615307/; classtype:trojan-activity;sid:83478407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615289/; classtype:trojan-activity;sid:83478389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615265/; classtype:trojan-activity;sid:83478365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615251/; classtype:trojan-activity;sid:83478351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2602547)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mdpqv8gx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_08; reference:url, urlhaus.abuse.ch/url/2602547/; classtype:trojan-activity;sid:83465647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.144.173.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582576/; classtype:trojan-activity;sid:83445676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2579753)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fu3d5tvi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2579753/; classtype:trojan-activity;sid:83442853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573934)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4jusqzvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573934/; classtype:trojan-activity;sid:83437034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573740)"; flow:established,from_client; content:"GET"; http_method; content:"/nsn/nsn.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"linkssl.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573740/; classtype:trojan-activity;sid:83436840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573727)"; flow:established,from_client; content:"GET"; http_method; content:"/sb/sb.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"afrihealthexpo.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573727/; classtype:trojan-activity;sid:83436827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572740)"; flow:established,from_client; content:"GET"; http_method; content:"/smed/smed.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dezino.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572740/; classtype:trojan-activity;sid:83435840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572544)"; flow:established,from_client; content:"GET"; http_method; content:"/nit/nit.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"chinesegarden.com.tr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572544/; classtype:trojan-activity;sid:83435644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; content:"GET"; http_method; content:"/nti/nti.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"shaderm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571631)"; flow:established,from_client; content:"GET"; http_method; content:"/imu/imu.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"waymoadvocates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571631/; classtype:trojan-activity;sid:83434731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571435)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"villanyzsolti.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571435/; classtype:trojan-activity;sid:83434535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571156)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571156/; classtype:trojan-activity;sid:83434256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571152)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571152/; classtype:trojan-activity;sid:83434252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571045)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"villanyzsolti.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571045/; classtype:trojan-activity;sid:83434145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570912)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"villanyzsolti.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570912/; classtype:trojan-activity;sid:83434012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570909)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rpperformance.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570909/; classtype:trojan-activity;sid:83434009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570812)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bracell.latitude.net.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570812/; classtype:trojan-activity;sid:83433912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570688)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570688/; classtype:trojan-activity;sid:83433788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570515)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570515/; classtype:trojan-activity;sid:83433615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570474)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570474/; classtype:trojan-activity;sid:83433574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570471)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.carusoadvogados.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570471/; classtype:trojan-activity;sid:83433571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570165)"; flow:established,from_client; content:"GET"; http_method; content:"/ias/ias.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ossbtvestaffcics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570165/; classtype:trojan-activity;sid:83433265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; content:"GET"; http_method; content:"/teev/teev.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nusatoyota.co.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568825)"; flow:established,from_client; content:"GET"; http_method; content:"/ota/ota.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"krishnaplastpack.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568825/; classtype:trojan-activity;sid:83431925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2561396)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"trungtambaohanhmaylanh.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_07; reference:url, urlhaus.abuse.ch/url/2561396/; classtype:trojan-activity;sid:83424496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555339)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rn8tlx2e"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555339/; classtype:trojan-activity;sid:83418439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2542135)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/73cceb_e5a698286daf43ac87b4544a35b1a482.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"73cceb63-7ecd-45e2-9eab-f8d98aab177f.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2023_02_16; reference:url, urlhaus.abuse.ch/url/2542135/; classtype:trojan-activity;sid:83405235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2538213)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/gallery/credit%20alert.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"anapa-zarya.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_12; reference:url, urlhaus.abuse.ch/url/2538213/; classtype:trojan-activity;sid:83401313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2533240)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bztvxkzb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2533240/; classtype:trojan-activity;sid:83396340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2510643)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn6ktvyl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_17; reference:url, urlhaus.abuse.ch/url/2510643/; classtype:trojan-activity;sid:83373743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2502405)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tgp9td9z"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_09; reference:url, urlhaus.abuse.ch/url/2502405/; classtype:trojan-activity;sid:83365505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2468824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.52.211.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_18; reference:url, urlhaus.abuse.ch/url/2468824/; classtype:trojan-activity;sid:83331924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2410141)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.38.184.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_14; reference:url, urlhaus.abuse.ch/url/2410141/; classtype:trojan-activity;sid:83273241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403614)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuja3km9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403614/; classtype:trojan-activity;sid:83266714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2400757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_04; reference:url, urlhaus.abuse.ch/url/2400757/; classtype:trojan-activity;sid:83263857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2399181)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nrhtc20u"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_03; reference:url, urlhaus.abuse.ch/url/2399181/; classtype:trojan-activity;sid:83262281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2393391)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/block-supports/5.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"fullstacknir.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_01; reference:url, urlhaus.abuse.ch/url/2393391/; classtype:trojan-activity;sid:83256491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2388056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5nyvlbz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_27; reference:url, urlhaus.abuse.ch/url/2388056/; classtype:trojan-activity;sid:83251156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2376908)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hf1kfswr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_18; reference:url, urlhaus.abuse.ch/url/2376908/; classtype:trojan-activity;sid:83240008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350870)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/vfrixuukosr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350870/; classtype:trojan-activity;sid:83213970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350871)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/frqolwwzjar"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350871/; classtype:trojan-activity;sid:83213971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2346004)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqvxfqziug"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_03; reference:url, urlhaus.abuse.ch/url/2346004/; classtype:trojan-activity;sid:83209104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344776)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/jvtabqibosa"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344776/; classtype:trojan-activity;sid:83207876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344769)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/kuueqefqqhz"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344769/; classtype:trojan-activity;sid:83207869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344770)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/nzifvmlonlj"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344770/; classtype:trojan-activity;sid:83207870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344771)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/hsrdqwkmzlr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344771/; classtype:trojan-activity;sid:83207871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344772)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/udndlytpwdl"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344772/; classtype:trojan-activity;sid:83207872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344773)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/irvwgjjfsyc"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344773/; classtype:trojan-activity;sid:83207873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344774)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqyppwjmbp"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344774/; classtype:trojan-activity;sid:83207874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344775)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/ztjemchbyhr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344775/; classtype:trojan-activity;sid:83207875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314671)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8v775ivv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314671/; classtype:trojan-activity;sid:83177771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301795)"; flow:established,from_client; content:"GET"; http_method; content:"/buding.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.98.224.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301795/; classtype:trojan-activity;sid:83164895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2300014)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gxkzk3ds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_12; reference:url, urlhaus.abuse.ch/url/2300014/; classtype:trojan-activity;sid:83163114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2290030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2290030/; classtype:trojan-activity;sid:83153130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276646)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ujztrvsh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276646/; classtype:trojan-activity;sid:83139746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276438)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/t53jemit"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276438/; classtype:trojan-activity;sid:83139538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jstt4bu3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_23; reference:url, urlhaus.abuse.ch/url/2276221/; classtype:trojan-activity;sid:83139321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273642)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|w=923512558645741636"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273642/; classtype:trojan-activity;sid:83136742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273644)"; flow:established,from_client; content:"GET"; http_method; content:"/zu084vpj5pi3.appspot.com/w/5wztrvywkg1nfh3.html|3f|0=26927131496308317"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273644/; classtype:trojan-activity;sid:83136744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273641)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|b=078869956064707140"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273641/; classtype:trojan-activity;sid:83136741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273631)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/3hiwrrbg7kfgwix.html|3f|b=034842339434253164"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273631/; classtype:trojan-activity;sid:83136731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273635)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/frv9esc9c6itwcf.html|3f|0=338008105729275687"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273635/; classtype:trojan-activity;sid:83136735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273638)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/ovqlo2cstw8agi4.html|3f|0=949870842437428557"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273638/; classtype:trojan-activity;sid:83136738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273639)"; flow:established,from_client; content:"GET"; http_method; content:"/q08e1nunq6qw.appspot.com/w/iqc3wtjt5nwkwr2.html|3f|a=628281255891256139"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273639/; classtype:trojan-activity;sid:83136739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273616)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/61wyeicw653vri9.html|3f|0=639911943761137497"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273616/; classtype:trojan-activity;sid:83136716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273620)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/bceqtk5gdz1bi0o.html|3f|w=622601326319247024"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273620/; classtype:trojan-activity;sid:83136720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273622)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|a=635327819844459660"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273622/; classtype:trojan-activity;sid:83136722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273624)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|0=180530635864101112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273624/; classtype:trojan-activity;sid:83136724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273625)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/7psfpp4zrf4stzt.html|3f|a=516444057951127042"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273625/; classtype:trojan-activity;sid:83136725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273602)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/rgtnon73qqparlt.html|3f|w=400667741549615496"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273602/; classtype:trojan-activity;sid:83136702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273606)"; flow:established,from_client; content:"GET"; http_method; content:"/pf4yttmpbcc1.appspot.com/w/l2vbukjpboaa0rp.html|3f|b=628132126654153176"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273606/; classtype:trojan-activity;sid:83136706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273601)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|b=105291068911024790"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273601/; classtype:trojan-activity;sid:83136701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273600)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|0=686223453033719951"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273600/; classtype:trojan-activity;sid:83136700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273564)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|a=798607223158637252"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273564/; classtype:trojan-activity;sid:83136664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273565)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|w=075279633731175239"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273565/; classtype:trojan-activity;sid:83136665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273566)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/bowky7hf4zoq1yj.html|3f|b=461383376258417948"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273566/; classtype:trojan-activity;sid:83136666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273567)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/anqx16yjifb1cwa.html|3f|0=969703532910206739"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273567/; classtype:trojan-activity;sid:83136667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273569)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=803273432647646489"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273569/; classtype:trojan-activity;sid:83136669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273574)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=552325786310453352"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273574/; classtype:trojan-activity;sid:83136674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273575)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|0=778301933278021061"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273575/; classtype:trojan-activity;sid:83136675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273579)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=414671893653575055"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273579/; classtype:trojan-activity;sid:83136679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273580)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/hm8qqu1yh2nhiuw.html|3f|0=850822877794596921"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273580/; classtype:trojan-activity;sid:83136680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273581)"; flow:established,from_client; content:"GET"; http_method; content:"/gewls1oaxiv8.appspot.com/w/k2gvfktvgwo6t7t.html|3f|0=500436606434401193"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273581/; classtype:trojan-activity;sid:83136681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273582)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/2b6lhcmpzq1rcwl.html|3f|0=292730885826958440"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273582/; classtype:trojan-activity;sid:83136682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273583)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|b=351877166079332276"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273583/; classtype:trojan-activity;sid:83136683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273586)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/d5bpwq7evn1mfxz.html|3f|b=770321496534593005"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273586/; classtype:trojan-activity;sid:83136686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273588)"; flow:established,from_client; content:"GET"; http_method; content:"/c8qhff44bb7f.appspot.com/w/q5gro00vqf3ltx5.html|3f|a=334407029692307930"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273588/; classtype:trojan-activity;sid:83136688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273592)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/c82wdsb4ehjf8rf.html|3f|0=051292546441672376"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273592/; classtype:trojan-activity;sid:83136692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273597)"; flow:established,from_client; content:"GET"; http_method; content:"/k6yho9kvu0tt.appspot.com/w/89vh2kpx4x61qlr.html|3f|w=697802237262829742"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273597/; classtype:trojan-activity;sid:83136697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273598)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/5m6qptmj0v66s7q.html|3f|0=327926918056836416"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273598/; classtype:trojan-activity;sid:83136698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273599)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|a=494789731176222112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273599/; classtype:trojan-activity;sid:83136699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273560)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/i3hmewo60gwvumx.html|3f|b=841660865822302577"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273560/; classtype:trojan-activity;sid:83136660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273561)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=036663603374497270"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273561/; classtype:trojan-activity;sid:83136661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271607)"; flow:established,from_client; content:"GET"; http_method; content:"/av50illsec.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271607/; classtype:trojan-activity;sid:83134707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271606)"; flow:established,from_client; content:"GET"; http_method; content:"/f2"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271606/; classtype:trojan-activity;sid:83134706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271605)"; flow:established,from_client; content:"GET"; http_method; content:"/git911.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271605/; classtype:trojan-activity;sid:83134705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271603)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271603/; classtype:trojan-activity;sid:83134703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271604)"; flow:established,from_client; content:"GET"; http_method; content:"/git81.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271604/; classtype:trojan-activity;sid:83134704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271601)"; flow:established,from_client; content:"GET"; http_method; content:"/ssl4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271601/; classtype:trojan-activity;sid:83134701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271602)"; flow:established,from_client; content:"GET"; http_method; content:"/ssl5.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271602/; classtype:trojan-activity;sid:83134702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271599)"; flow:established,from_client; content:"GET"; http_method; content:"/.t"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271599/; classtype:trojan-activity;sid:83134699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271600)"; flow:established,from_client; content:"GET"; http_method; content:"/isis.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271600/; classtype:trojan-activity;sid:83134700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271598)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_file"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271598/; classtype:trojan-activity;sid:83134698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271595)"; flow:established,from_client; content:"GET"; http_method; content:"/tool,py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271595/; classtype:trojan-activity;sid:83134695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271596)"; flow:established,from_client; content:"GET"; http_method; content:"/ji6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271596/; classtype:trojan-activity;sid:83134696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271597)"; flow:established,from_client; content:"GET"; http_method; content:"/jj"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271597/; classtype:trojan-activity;sid:83134697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271593)"; flow:established,from_client; content:"GET"; http_method; content:"/tool,py.save"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271593/; classtype:trojan-activity;sid:83134693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271594)"; flow:established,from_client; content:"GET"; http_method; content:"/jm"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_11; reference:url, urlhaus.abuse.ch/url/2271594/; classtype:trojan-activity;sid:83134694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271295)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271295/; classtype:trojan-activity;sid:83134395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271296)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271296/; classtype:trojan-activity;sid:83134396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271297)"; flow:established,from_client; content:"GET"; http_method; content:"/u.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271297/; classtype:trojan-activity;sid:83134397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271298)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271298/; classtype:trojan-activity;sid:83134398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271299)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271299/; classtype:trojan-activity;sid:83134399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271300)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271300/; classtype:trojan-activity;sid:83134400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271301)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271301/; classtype:trojan-activity;sid:83134401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271292)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271292/; classtype:trojan-activity;sid:83134392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271293)"; flow:established,from_client; content:"GET"; http_method; content:"/g81"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271293/; classtype:trojan-activity;sid:83134393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271294)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271294/; classtype:trojan-activity;sid:83134394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271291)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271291/; classtype:trojan-activity;sid:83134391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271289)"; flow:established,from_client; content:"GET"; http_method; content:"/2.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271289/; classtype:trojan-activity;sid:83134389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271290)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.151.89.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_10; reference:url, urlhaus.abuse.ch/url/2271290/; classtype:trojan-activity;sid:83134390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2263529)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.117.7.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_01; reference:url, urlhaus.abuse.ch/url/2263529/; classtype:trojan-activity;sid:83126629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.181.0.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258280/; classtype:trojan-activity;sid:83121380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258131)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e8kjpbmd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258131/; classtype:trojan-activity;sid:83121231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253550)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ib64cptx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_03; reference:url, urlhaus.abuse.ch/url/2253550/; classtype:trojan-activity;sid:83116650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253210)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rwrja2sz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_02; reference:url, urlhaus.abuse.ch/url/2253210/; classtype:trojan-activity;sid:83116310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2241008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ty045yct"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2241008/; classtype:trojan-activity;sid:83104108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2240596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/prototype/form.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.usaayurveda.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2240596/; classtype:trojan-activity;sid:83103696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.157.219.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_11; reference:url, urlhaus.abuse.ch/url/2233718/; classtype:trojan-activity;sid:83096818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/uadjw/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2148323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5nnq0rbw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_14; reference:url, urlhaus.abuse.ch/url/2148323/; classtype:trojan-activity;sid:83011423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2135884)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/herrldgm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_07; reference:url, urlhaus.abuse.ch/url/2135884/; classtype:trojan-activity;sid:82998984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120589)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120589/; classtype:trojan-activity;sid:82983689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120590)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/|3f|i=1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120590/; classtype:trojan-activity;sid:82983690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2098517)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znbskzzj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_03_15; reference:url, urlhaus.abuse.ch/url/2098517/; classtype:trojan-activity;sid:82961617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066121)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin2.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066121/; classtype:trojan-activity;sid:82929221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2052331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.113.145.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2052331/; classtype:trojan-activity;sid:82915431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2044850)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3k52mzsw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_02_16; reference:url, urlhaus.abuse.ch/url/2044850/; classtype:trojan-activity;sid:82907950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2024674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_02; reference:url, urlhaus.abuse.ch/url/2024674/; classtype:trojan-activity;sid:82887774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; content:"GET"; http_method; content:"/comply.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007403)"; flow:established,from_client; content:"GET"; http_method; content:"/b/tu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"izogard.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007403/; classtype:trojan-activity;sid:82870503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007115)"; flow:established,from_client; content:"GET"; http_method; content:"/nashi-klienty/b5sc/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"izocab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007115/; classtype:trojan-activity;sid:82870215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1986867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp_it22/test_zip2/loader_zip.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.8.18.7"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_18; reference:url, urlhaus.abuse.ch/url/1986867/; classtype:trojan-activity;sid:82849967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1917301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/okxyj/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fulltai.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1917301/; classtype:trojan-activity;sid:82780401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1895334)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyseventeen/s.cmd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"150.60.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_18; reference:url, urlhaus.abuse.ch/url/1895334/; classtype:trojan-activity;sid:82758434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1892687)"; flow:established,from_client; content:"GET"; http_method; content:"/sphygmus.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_17; reference:url, urlhaus.abuse.ch/url/1892687/; classtype:trojan-activity;sid:82755787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891042)"; flow:established,from_client; content:"GET"; http_method; content:"/reactron.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891042/; classtype:trojan-activity;sid:82754142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891016)"; flow:established,from_client; content:"GET"; http_method; content:"/mausoleum.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891016/; classtype:trojan-activity;sid:82754116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890991)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/porto/less/js_composer/sneerly.php"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890991/; classtype:trojan-activity;sid:82754091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890984)"; flow:established,from_client; content:"GET"; http_method; content:"/unbaked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890984/; classtype:trojan-activity;sid:82754084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; content:"GET"; http_method; content:"/actionably.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; content:"GET"; http_method; content:"/roughness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; flow:established,from_client; content:"GET"; http_method; content:"/intermission.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; content:"GET"; http_method; content:"/unthinkably.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1861154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_07; reference:url, urlhaus.abuse.ch/url/1861154/; classtype:trojan-activity;sid:82724254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844323)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/8db3b9_f3723fffd8464e7caa824f845cc454d1.txt|3f|dn=rendomtext"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844323/; classtype:trojan-activity;sid:82707423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1840623)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t7scuzy/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apple-service93.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1840623/; classtype:trojan-activity;sid:82703723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1823000)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/e0e60b_59127be38d0b4064bec0e29cb8b94d15.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"e0e60b79-a4cf-434f-a1f3-9fc2defea271.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2021_11_27; reference:url, urlhaus.abuse.ch/url/1823000/; classtype:trojan-activity;sid:82686100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1809781)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/vendor/joomla/registry/src/format/pinafore.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ukguk71.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_23; reference:url, urlhaus.abuse.ch/url/1809781/; classtype:trojan-activity;sid:82672881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1783703)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.11.121.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_13; reference:url, urlhaus.abuse.ch/url/1783703/; classtype:trojan-activity;sid:82646803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1778573)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c91fwnb0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_12; reference:url, urlhaus.abuse.ch/url/1778573/; classtype:trojan-activity;sid:82641673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1751625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywjkrwem"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_04; reference:url, urlhaus.abuse.ch/url/1751625/; classtype:trojan-activity;sid:82614725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1734778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.189.122.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_11_01; reference:url, urlhaus.abuse.ch/url/1734778/; classtype:trojan-activity;sid:82597878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1728024)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/egenyqrk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1728024/; classtype:trojan-activity;sid:82591124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1727038)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwj3nqw2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1727038/; classtype:trojan-activity;sid:82590138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1719102)"; flow:established,from_client; content:"GET"; http_method; content:"/update/finaly_hd.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"greenmile.ng"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1719102/; classtype:trojan-activity;sid:82582202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1681096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htylx0l1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_15; reference:url, urlhaus.abuse.ch/url/1681096/; classtype:trojan-activity;sid:82544196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1668138)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2a3tx7hd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1668138/; classtype:trojan-activity;sid:82531238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641483)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/jewelry.php"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"seamlessvideowall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641483/; classtype:trojan-activity;sid:82504583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641470)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/shrill.php"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"seamlessvideowall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641470/; classtype:trojan-activity;sid:82504570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641434)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/inevitably.php"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"seamlessvideowall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641434/; classtype:trojan-activity;sid:82504534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641421)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/sandbagged.php"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"seamlessvideowall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641421/; classtype:trojan-activity;sid:82504521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638740)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xpmlg1s0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638740/; classtype:trojan-activity;sid:82501840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3pqfze3c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638721/; classtype:trojan-activity;sid:82501821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609238)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mjzm2uub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609238/; classtype:trojan-activity;sid:82472338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609225)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhxehwzr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609225/; classtype:trojan-activity;sid:82472325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; content:"GET"; http_method; content:"/strobing.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1577204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.170.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_30; reference:url, urlhaus.abuse.ch/url/1577204/; classtype:trojan-activity;sid:82440304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1569937)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2fvyxcn8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_27; reference:url, urlhaus.abuse.ch/url/1569937/; classtype:trojan-activity;sid:82433037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; content:"GET"; http_method; content:"/harass.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497194/; classtype:trojan-activity;sid:82360294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1431282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zn9ibvfw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_06; reference:url, urlhaus.abuse.ch/url/1431282/; classtype:trojan-activity;sid:82294382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416935)"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416935/; classtype:trojan-activity;sid:82280035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416925)"; flow:established,from_client; content:"GET"; http_method; content:"/livestock.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416925/; classtype:trojan-activity;sid:82280025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416914)"; flow:established,from_client; content:"GET"; http_method; content:"/steepness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416914/; classtype:trojan-activity;sid:82280014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416690)"; flow:established,from_client; content:"GET"; http_method; content:"/anthropoid.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416690/; classtype:trojan-activity;sid:82279790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416653)"; flow:established,from_client; content:"GET"; http_method; content:"/liniment.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416653/; classtype:trojan-activity;sid:82279753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314550)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vshl18r1ck_d3qquy_96cldxn3bn2en2drftj2jau29p-unkvg5b093kl8xckthpd2jfiaplgzbiqnu/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314550/; classtype:trojan-activity;sid:82177650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1285698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1285698/; classtype:trojan-activity;sid:82148798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278586)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5fxvrf3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278586/; classtype:trojan-activity;sid:82141686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1265914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_21; reference:url, urlhaus.abuse.ch/url/1265914/; classtype:trojan-activity;sid:82129014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252888)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v1jcezvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252888/; classtype:trojan-activity;sid:82115988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252886)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gz3wxtar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252886/; classtype:trojan-activity;sid:82115986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1230008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnljbghz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1230008/; classtype:trojan-activity;sid:82093108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/reqfy21x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223625/; classtype:trojan-activity;sid:82086725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1055056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ch96q3bp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_03_08; reference:url, urlhaus.abuse.ch/url/1055056/; classtype:trojan-activity;sid:81918156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1010244)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bew39lta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1010244/; classtype:trojan-activity;sid:81873344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (984502)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g7vaue54"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_30; reference:url, urlhaus.abuse.ch/url/984502/; classtype:trojan-activity;sid:81847602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (983390)"; flow:established,from_client; content:"GET"; http_method; content:"/warible82/miner/raw/main/minerbtc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_29; reference:url, urlhaus.abuse.ch/url/983390/; classtype:trojan-activity;sid:81846490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (971401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.63.68.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_19; reference:url, urlhaus.abuse.ch/url/971401/; classtype:trojan-activity;sid:81834501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (961009)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/00aujclx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_14; reference:url, urlhaus.abuse.ch/url/961009/; classtype:trojan-activity;sid:81824109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (610777)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/qqlox3lvjh/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_24; reference:url, urlhaus.abuse.ch/url/610777/; classtype:trojan-activity;sid:81473877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (549365)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/549365/; classtype:trojan-activity;sid:81412465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438357)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/documentation/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438357/; classtype:trojan-activity;sid:81301457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438230)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-disk/guarded-space/0870725-raadiviu/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438230/; classtype:trojan-activity;sid:81301330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436557)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vctie/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436557/; classtype:trojan-activity;sid:81299657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (433042)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/433042/; classtype:trojan-activity;sid:81296142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (430532)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cg1-70urc-761/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/430532/; classtype:trojan-activity;sid:81293632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/overview/sw94b26/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428089)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/8o4054361916emn7j49of5zb3bgzbw29zx/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428089/; classtype:trojan-activity;sid:81291189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/invoice/ujn3me8cye/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (424629)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdgxnbhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_05; reference:url, urlhaus.abuse.ch/url/424629/; classtype:trojan-activity;sid:81287729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znhs8f1m"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417815/; classtype:trojan-activity;sid:81280915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417814)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xgqcgx8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417814/; classtype:trojan-activity;sid:81280914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (412922)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hotel-city.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_14; reference:url, urlhaus.abuse.ch/url/412922/; classtype:trojan-activity;sid:81276022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (398898)"; flow:established,from_client; content:"GET"; http_method; content:"/viewpoint_support.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"support.viewpoint.fr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_06_18; reference:url, urlhaus.abuse.ch/url/398898/; classtype:trojan-activity;sid:81261998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (374230)"; flow:established,from_client; content:"GET"; http_method; content:"/mmjbbs/673484/nqad_673484_01062020.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"xn--b1afiqif6c.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_06_02; reference:url, urlhaus.abuse.ch/url/374230/; classtype:trojan-activity;sid:81237330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-lm9-32/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (306649)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/3waa9-ke38h-15/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_03; reference:url, urlhaus.abuse.ch/url/306649/; classtype:trojan-activity;sid:81169749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (304070)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/file/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/304070/; classtype:trojan-activity;sid:81167170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (303582)"; flow:established,from_client; content:"GET"; http_method; content:"/com1/files/severstal_map.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"111101111.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/303582/; classtype:trojan-activity;sid:81166682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (302960)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zapchast-gazkotel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_30; reference:url, urlhaus.abuse.ch/url/302960/; classtype:trojan-activity;sid:81166060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (299048)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private_resource/interior_mgzeu_1nsltpydj/aqxdrigqe_e4k6usnwxrg/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"www.xyffqh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_27; reference:url, urlhaus.abuse.ch/url/299048/; classtype:trojan-activity;sid:81162148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (294238)"; flow:established,from_client; content:"GET"; http_method; content:"/components/personal_609510040_zqauxxvgt1/close_warehouse/2539958864610_y3rb9y/"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"supercleanspb.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_21; reference:url, urlhaus.abuse.ch/url/294238/; classtype:trojan-activity;sid:81157338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (288508)"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/common_module/security_lkveb9o0tx_wd3lhz42yf1slt/tlcs2lwhd3vo_38wyy7/"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"owlcity.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_14; reference:url, urlhaus.abuse.ch/url/288508/; classtype:trojan-activity;sid:81151608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (273603)"; flow:established,from_client; content:"GET"; http_method; content:"/exeim/cippe2020bj/cippe2020en_bj_zhanghao.doc"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.cippe.com.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_20; reference:url, urlhaus.abuse.ch/url/273603/; classtype:trojan-activity;sid:81136703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/closed_08597_xwbav/51578533_ixwt6qqxha0o_space/h7uvgaa_hfeywxam/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"amuletweb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272267/; classtype:trojan-activity;sid:81135367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267913)"; flow:established,from_client; content:"GET"; http_method; content:"/index_soubory/common_sector/external_area/61551354147_t4d0ky73jjywffgy/"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"oknoplastik.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267913/; classtype:trojan-activity;sid:81131013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267838)"; flow:established,from_client; content:"GET"; http_method; content:"/photoblog/lli9c05hrj/2bwx-901909-89178267-5c5xr-qfvwc/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"olingerphoto.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267838/; classtype:trojan-activity;sid:81130938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240550/; classtype:trojan-activity;sid:81103650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240123/; classtype:trojan-activity;sid:81103223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239981/; classtype:trojan-activity;sid:81103081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.248.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238127/; classtype:trojan-activity;sid:81101227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (231932)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/poseidon/inc/customizer/functions/index.html"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"smeetspost.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_16; reference:url, urlhaus.abuse.ch/url/231932/; classtype:trojan-activity;sid:81095032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d418a4b9682b.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_27; reference:url, urlhaus.abuse.ch/url/227362/; classtype:trojan-activity;sid:81090462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (226606)"; flow:established,from_client; content:"GET"; http_method; content:"/loader0/codebot.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"code-cheats.8u.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_24; reference:url, urlhaus.abuse.ch/url/226606/; classtype:trojan-activity;sid:81089706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (224805)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.01/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_15; reference:url, urlhaus.abuse.ch/url/224805/; classtype:trojan-activity;sid:81087905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5c8b08b37a426.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222972/; classtype:trojan-activity;sid:81086072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222463)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_02.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_05; reference:url, urlhaus.abuse.ch/url/222463/; classtype:trojan-activity;sid:81085563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222054)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222054/; classtype:trojan-activity;sid:81085154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222010)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.31/fmt_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222010/; classtype:trojan-activity;sid:81085110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221599)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.16/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221599/; classtype:trojan-activity;sid:81084699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220223)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.01/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220223/; classtype:trojan-activity;sid:81083323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220221)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.01/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220221/; classtype:trojan-activity;sid:81083321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217608)"; flow:established,from_client; content:"GET"; http_method; content:"/2018/06/201806065969_1243.doc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"data.kaoyany.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217608/; classtype:trojan-activity;sid:81080708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; content:"GET"; http_method; content:"/domains/updateagent/application%20files/upagent.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"old.bullydog.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (207761)"; flow:established,from_client; content:"GET"; http_method; content:"/monex%20swift%20_11.06.2019.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"tcgroup.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_06_11; reference:url, urlhaus.abuse.ch/url/207761/; classtype:trojan-activity;sid:81070861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (207732)"; flow:established,from_client; content:"GET"; http_method; content:"/11-jun-2019_f963a2afe3.xls"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"kosmetolodzy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_11; reference:url, urlhaus.abuse.ch/url/207732/; classtype:trojan-activity;sid:81070832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (206183)"; flow:established,from_client; content:"GET"; http_method; content:"/~golgo13ex/c964732.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.cc9.ne.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_05; reference:url, urlhaus.abuse.ch/url/206183/; classtype:trojan-activity;sid:81069283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201513)"; flow:established,from_client; content:"GET"; http_method; content:"/wj1bsetup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dl.dzqzd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201410)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.caravella.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201410/; classtype:trojan-activity;sid:81064510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201067)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"caravella.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201067/; classtype:trojan-activity;sid:81064167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197376)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/g1gc04s1woz64tp6ugkcifwtu7pk0_l0pue-9898692635/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"itcomsrv.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197376/; classtype:trojan-activity;sid:81060476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (182607)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/doc/iohwpmtjjnoe/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_23; reference:url, urlhaus.abuse.ch/url/182607/; classtype:trojan-activity;sid:81045707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (180421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indyg-8fpl8zgrhpxry5_vlysnvctx-lr/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_18; reference:url, urlhaus.abuse.ch/url/180421/; classtype:trojan-activity;sid:81043521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (177970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m9ucj4-x50app3-wmcuc/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_15; reference:url, urlhaus.abuse.ch/url/177970/; classtype:trojan-activity;sid:81041070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pdsd-mxmlkagckc6fc12_jwmbpshsq-tk/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176747/; classtype:trojan-activity;sid:81039847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173425)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ewbnm-h00hvr2ptu3kyyr_yavlsniuf-a0u/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"solutelco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173425/; classtype:trojan-activity;sid:81036525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (168797)"; flow:established,from_client; content:"GET"; http_method; content:"/images/1754808353/avbq-nqp_gipxnq-ip/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"writerartist.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_29; reference:url, urlhaus.abuse.ch/url/168797/; classtype:trojan-activity;sid:81031897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (167372)"; flow:established,from_client; content:"GET"; http_method; content:"/test/verif.myacc.send.com/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_27; reference:url, urlhaus.abuse.ch/url/167372/; classtype:trojan-activity;sid:81030472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; content:"GET"; http_method; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"alarmline.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (158942)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-03/27/pub/4d8ee54db371e.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p5.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_14; reference:url, urlhaus.abuse.ch/url/158942/; classtype:trojan-activity;sid:81022042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157919)"; flow:established,from_client; content:"GET"; http_method; content:"/nbykx-tuypjfd9ejidldi_gsuqxuuwr-sjm/p0toi-wvvspg-pzauhekva/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jeantetfamily.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_13; reference:url, urlhaus.abuse.ch/url/157919/; classtype:trojan-activity;sid:81021019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (155567)"; flow:established,from_client; content:"GET"; http_method; content:"/rawabijob.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"local-update.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_10; reference:url, urlhaus.abuse.ch/url/155567/; classtype:trojan-activity;sid:81018667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154059)"; flow:established,from_client; content:"GET"; http_method; content:"/mz5qeapm.hta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dl.asis.io"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154059/; classtype:trojan-activity;sid:81017159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (151907)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/kegy9-vkn3d7-vjunj.view/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"adver.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_04; reference:url, urlhaus.abuse.ch/url/151907/; classtype:trojan-activity;sid:81015007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (146376)"; flow:established,from_client; content:"GET"; http_method; content:"/sendincsec/legal/secure/en/022019/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_25; reference:url, urlhaus.abuse.ch/url/146376/; classtype:trojan-activity;sid:81009476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm_updater.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm%5fupdater.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143068)"; flow:established,from_client; content:"GET"; http_method; content:"/copy_receipt/kppte-noyz_tjl-kww/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/143068/; classtype:trojan-activity;sid:81006168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (142841)"; flow:established,from_client; content:"GET"; http_method; content:"/company/account/open/file/jnpvoliu3gcmmwttlpocikgwpnx/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/142841/; classtype:trojan-activity;sid:81005941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141151)"; flow:established,from_client; content:"GET"; http_method; content:"/secure/business/open/read/6ejw2ylnjos64gujbzyd/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141151/; classtype:trojan-activity;sid:81004251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141063)"; flow:established,from_client; content:"GET"; http_method; content:"/kev4.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kelvingee.hys.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141063/; classtype:trojan-activity;sid:81004163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140888)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140888/; classtype:trojan-activity;sid:81003988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140887)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140887/; classtype:trojan-activity;sid:81003987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140886)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140886/; classtype:trojan-activity;sid:81003986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140885)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140885/; classtype:trojan-activity;sid:81003985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140884)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140884/; classtype:trojan-activity;sid:81003984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140882)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140882/; classtype:trojan-activity;sid:81003982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140883)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140883/; classtype:trojan-activity;sid:81003983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140881)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140881/; classtype:trojan-activity;sid:81003981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140791)"; flow:established,from_client; content:"GET"; http_method; content:"/bv5eh1ierp/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"augsburg-auto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140791/; classtype:trojan-activity;sid:81003891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140721)"; flow:established,from_client; content:"GET"; http_method; content:"/llc/pymn-4tz_mul-r1/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140721/; classtype:trojan-activity;sid:81003821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; content:"GET"; http_method; content:"/1465810408079_502.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"static.topxgun.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (124794)"; flow:established,from_client; content:"GET"; http_method; content:"/info/invoice/pbxt-q6sq_xs-1b/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_14; reference:url, urlhaus.abuse.ch/url/124794/; classtype:trojan-activity;sid:80987894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (124525)"; flow:established,from_client; content:"GET"; http_method; content:"/llc/invoice_number/csrxs-cbf_bklbf-2e/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_02_14; reference:url, urlhaus.abuse.ch/url/124525/; classtype:trojan-activity;sid:80987625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122898)"; flow:established,from_client; content:"GET"; http_method; content:"/u1yk11gr/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122898/; classtype:trojan-activity;sid:80985998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122545)"; flow:established,from_client; content:"GET"; http_method; content:"/sec.accounts.send.com/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"grikom.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122545/; classtype:trojan-activity;sid:80985645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122531)"; flow:established,from_client; content:"GET"; http_method; content:"/inv/kbwu-v0xxx_udmdxque-lg/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122531/; classtype:trojan-activity;sid:80985631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122489)"; flow:established,from_client; content:"GET"; http_method; content:"/inv/kbwu-v0xxx_udmdxque-lg//"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122489/; classtype:trojan-activity;sid:80985589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121258)"; flow:established,from_client; content:"GET"; http_method; content:"/28758658/2018/04/28/c4284a2a6c1b60247944a03cbaf930c5.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"cdn.file6.goodid.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_02_11; reference:url, urlhaus.abuse.ch/url/121258/; classtype:trojan-activity;sid:80984358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (118737)"; flow:established,from_client; content:"GET"; http_method; content:"/us_us/info/invoice_notice/04742192589/tlpp-l3mt_mdyhk-fp3/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"onlinetanecni.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_06; reference:url, urlhaus.abuse.ch/url/118737/; classtype:trojan-activity;sid:80981837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (118517)"; flow:established,from_client; content:"GET"; http_method; content:"/us_us/info/invoice_number/rtjyv-taf_p-2e/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_02_06; reference:url, urlhaus.abuse.ch/url/118517/; classtype:trojan-activity;sid:80981617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun-guest.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (114988)"; flow:established,from_client; content:"GET"; http_method; content:"/6iywkl5i_mg/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pobedastaff.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_31; reference:url, urlhaus.abuse.ch/url/114988/; classtype:trojan-activity;sid:80978088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111792)"; flow:established,from_client; content:"GET"; http_method; content:"/vodafone/de/rechnungen/01_19/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111792/; classtype:trojan-activity;sid:80974892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; content:"GET"; http_method; content:"/gcld/updates_tw/gcmgr_tw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static.ilclock.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109264)"; flow:established,from_client; content:"GET"; http_method; content:"/rechnungen/01_19/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p4man.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109264/; classtype:trojan-activity;sid:80972364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108319)"; flow:established,from_client; content:"GET"; http_method; content:"/tpqppcpcy8721340/rechnungs/doc-dokument/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108319/; classtype:trojan-activity;sid:80971419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106356)"; flow:established,from_client; content:"GET"; http_method; content:"/amazon/de/kunden/012019/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_01_21; reference:url, urlhaus.abuse.ch/url/106356/; classtype:trojan-activity;sid:80969456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; classtype:trojan-activity;sid:80969106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin133.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin140.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105946)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.1.17/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105946/; classtype:trojan-activity;sid:80969046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105248)"; flow:established,from_client; content:"GET"; http_method; content:"/bcabyiw/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"divametalart.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105248/; classtype:trojan-activity;sid:80968348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104809)"; flow:established,from_client; content:"GET"; http_method; content:"/bcabyiw/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.divametalart.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_17; reference:url, urlhaus.abuse.ch/url/104809/; classtype:trojan-activity;sid:80967909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104181)"; flow:established,from_client; content:"GET"; http_method; content:"/cfjy-2q9i_yq-se/comet/signs/payment/notification/01/16/2019/en/open-past-due-orders/"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104181/; classtype:trojan-activity;sid:80967281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103702)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pridmag/ttt/161485502.doc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sdvgpro.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103702/; classtype:trojan-activity;sid:80966802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103393)"; flow:established,from_client; content:"GET"; http_method; content:"/vp1bgrvz9v/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.mixturro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103393/; classtype:trojan-activity;sid:80966493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98115)"; flow:established,from_client; content:"GET"; http_method; content:"/pvvwe-5ve_e-avu/invoicecodechanges/us/service-invoice"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_20; reference:url, urlhaus.abuse.ch/url/98115/; classtype:trojan-activity;sid:80961215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96660)"; flow:established,from_client; content:"GET"; http_method; content:"/l5ecamtdy/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96660/; classtype:trojan-activity;sid:80959760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96388)"; flow:established,from_client; content:"GET"; http_method; content:"/seuly-nxbbkkrgeu1lv0r_imkwyuajy-mjt/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96388/; classtype:trojan-activity;sid:80959488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94507)"; flow:established,from_client; content:"GET"; http_method; content:"/southwire/910459143107617649/llc/us/summit-companies-invoice-33396595/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"ccilogistica.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94507/; classtype:trojan-activity;sid:80957607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94497)"; flow:established,from_client; content:"GET"; http_method; content:"/invoicecodechanges/dec2018/us_us/paid-invoices/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"eroes.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94497/; classtype:trojan-activity;sid:80957597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (93513)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/telekom/rechnungonline/112018/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"artscreenstudio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_12; reference:url, urlhaus.abuse.ch/url/93513/; classtype:trojan-activity;sid:80956613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92614)"; flow:established,from_client; content:"GET"; http_method; content:"/irs-irsonline-treasury-gov/tax-account-transcript/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_12_11; reference:url, urlhaus.abuse.ch/url/92614/; classtype:trojan-activity;sid:80955714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; classtype:trojan-activity;sid:80955454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91936)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/17/pub/4ce336b4661fd.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91936/; classtype:trojan-activity;sid:80955036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91935)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/04/pub/4cd2620ce3f10.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91935/; classtype:trojan-activity;sid:80955035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91933)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-08/11/pub/4e4334b150fcf.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91933/; classtype:trojan-activity;sid:80955033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91931)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/14/1121109/4e97e74d5dd8e.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91931/; classtype:trojan-activity;sid:80955031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91927)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/12/pub/4d043cebf1e0b.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91927/; classtype:trojan-activity;sid:80955027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/22/1164339/4ea2a4c43df54.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_08; reference:url, urlhaus.abuse.ch/url/91881/; classtype:trojan-activity;sid:80954981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (90508)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/scan"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_06; reference:url, urlhaus.abuse.ch/url/90508/; classtype:trojan-activity;sid:80953608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (89165)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/en_en/999-88-805311-816-999-88-805311-384/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_05; reference:url, urlhaus.abuse.ch/url/89165/; classtype:trojan-activity;sid:80952265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (89024)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/en_en/999-88-805311-816-999-88-805311-384"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_04; reference:url, urlhaus.abuse.ch/url/89024/; classtype:trojan-activity;sid:80952124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86134)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/80onffqo/swift/us/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86134/; classtype:trojan-activity;sid:80949234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85614)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/80onffqo/swift/us"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85614/; classtype:trojan-activity;sid:80948714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85179)"; flow:established,from_client; content:"GET"; http_method; content:"/73321alnwyy/payroll/business/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"malupieng.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_11_26; reference:url, urlhaus.abuse.ch/url/85179/; classtype:trojan-activity;sid:80948279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84160)"; flow:established,from_client; content:"GET"; http_method; content:"/709rru/ach/business"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.uralmetalloprokat.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84160/; classtype:trojan-activity;sid:80947260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84040)"; flow:established,from_client; content:"GET"; http_method; content:"/0415jbrob/sep/smallbusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.udobrit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84040/; classtype:trojan-activity;sid:80947140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84037)"; flow:established,from_client; content:"GET"; http_method; content:"/5zbqf/wire/personal"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.tobeart.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84037/; classtype:trojan-activity;sid:80947137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79623)"; flow:established,from_client; content:"GET"; http_method; content:"/urzfhrbbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vagler.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79623/; classtype:trojan-activity;sid:80942723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (78780)"; flow:established,from_client; content:"GET"; http_method; content:"/ehiz.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asakoko.cekuj.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_11_12; reference:url, urlhaus.abuse.ch/url/78780/; classtype:trojan-activity;sid:80941880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (78779)"; flow:established,from_client; content:"GET"; http_method; content:"/ehiz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asakoko.cekuj.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_11_12; reference:url, urlhaus.abuse.ch/url/78779/; classtype:trojan-activity;sid:80941879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; content:"GET"; http_method; content:"/fvlmodell/letoltes/files/scalecalc.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (64681)"; flow:established,from_client; content:"GET"; http_method; content:"/85nojvodyz/biz/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kamin-premium.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_04; reference:url, urlhaus.abuse.ch/url/64681/; classtype:trojan-activity;sid:80927781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (61080)"; flow:established,from_client; content:"GET"; http_method; content:"/us/payments/092018"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_09_26; reference:url, urlhaus.abuse.ch/url/61080/; classtype:trojan-activity;sid:80924180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45433)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45433/; classtype:trojan-activity;sid:80908533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45270)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45270/; classtype:trojan-activity;sid:80908370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44461)"; flow:established,from_client; content:"GET"; http_method; content:"/5805773c/payment/personal"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_20; reference:url, urlhaus.abuse.ch/url/44461/; classtype:trojan-activity;sid:80907561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44113)"; flow:established,from_client; content:"GET"; http_method; content:"/663752sludgz/oamo/us/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_17; reference:url, urlhaus.abuse.ch/url/44113/; classtype:trojan-activity;sid:80907213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (41197)"; flow:established,from_client; content:"GET"; http_method; content:"/gym.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stud.clanweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/41197/; classtype:trojan-activity;sid:80904297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (40811)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/en_us/status/deposit"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bankgarantia.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/40811/; classtype:trojan-activity;sid:80903911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (39538)"; flow:established,from_client; content:"GET"; http_method; content:"/bidniz.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"studio.maweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_07; reference:url, urlhaus.abuse.ch/url/39538/; classtype:trojan-activity;sid:80902638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (39537)"; flow:established,from_client; content:"GET"; http_method; content:"/ego.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"studio.maweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_07; reference:url, urlhaus.abuse.ch/url/39537/; classtype:trojan-activity;sid:80902637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (37232)"; flow:established,from_client; content:"GET"; http_method; content:"/tpkmgecq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_31; reference:url, urlhaus.abuse.ch/url/37232/; classtype:trojan-activity;sid:80900332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/en/statement/invoice/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36522/; classtype:trojan-activity;sid:80899622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36504)"; flow:established,from_client; content:"GET"; http_method; content:"/jul2018/en_us/invoice-status/past-due-invoice/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36504/; classtype:trojan-activity;sid:80899604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36434)"; flow:established,from_client; content:"GET"; http_method; content:"/jul2018/en_us/invoice-status/past-due-invoice"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_07_27; reference:url, urlhaus.abuse.ch/url/36434/; classtype:trojan-activity;sid:80899534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36154)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en_us/invoice-for-sent/invoice/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_26; reference:url, urlhaus.abuse.ch/url/36154/; classtype:trojan-activity;sid:80899254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34267)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34267/; classtype:trojan-activity;sid:80897367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34227)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34227/; classtype:trojan-activity;sid:80897327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34178)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07-2018/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"asl-company.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34178/; classtype:trojan-activity;sid:80897278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34102)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34102/; classtype:trojan-activity;sid:80897202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (33107)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/us_us/file/invoice-604371/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kuzina-teatr.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_07_16; reference:url, urlhaus.abuse.ch/url/33107/; classtype:trojan-activity;sid:80896207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (32518)"; flow:established,from_client; content:"GET"; http_method; content:"/fekir.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"studio.clanweb.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_07_14; reference:url, urlhaus.abuse.ch/url/32518/; classtype:trojan-activity;sid:80895618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (31519)"; flow:established,from_client; content:"GET"; http_method; content:"/chapo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"papillo.jecool.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_07_12; reference:url, urlhaus.abuse.ch/url/31519/; classtype:trojan-activity;sid:80894619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24594)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24594/; classtype:trojan-activity;sid:80887694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24379)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24379/; classtype:trojan-activity;sid:80887479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (19171)"; flow:established,from_client; content:"GET"; http_method; content:"/irs-accounts-transcipts-june-2018-002/3/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_14; reference:url, urlhaus.abuse.ch/url/19171/; classtype:trojan-activity;sid:80882271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16579)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/account73637535/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16579/; classtype:trojan-activity;sid:80879679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15549)"; flow:established,from_client; content:"GET"; http_method; content:"/rechnungs/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15549/; classtype:trojan-activity;sid:80878649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14715)"; flow:established,from_client; content:"GET"; http_method; content:"/admim/mine001.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.tirtasentosa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_06_03; reference:url, urlhaus.abuse.ch/url/14715/; classtype:trojan-activity;sid:80877815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14062)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-30/05/2018"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_05_31; reference:url, urlhaus.abuse.ch/url/14062/; classtype:trojan-activity;sid:80877162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (13444)"; flow:established,from_client; content:"GET"; http_method; content:"/facturation/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_05_30; reference:url, urlhaus.abuse.ch/url/13444/; classtype:trojan-activity;sid:80876544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8435)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros003.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8435/; classtype:trojan-activity;sid:80871535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8434)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros002.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8434/; classtype:trojan-activity;sid:80871534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8433)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8433/; classtype:trojan-activity;sid:80871533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8432)"; flow:established,from_client; content:"GET"; http_method; content:"/give/prin001.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8432/; classtype:trojan-activity;sid:80871532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8431)"; flow:established,from_client; content:"GET"; http_method; content:"/give/obi001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8431/; classtype:trojan-activity;sid:80871531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8430)"; flow:established,from_client; content:"GET"; http_method; content:"/give/jon001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8430/; classtype:trojan-activity;sid:80871530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8053)"; flow:established,from_client; content:"GET"; http_method; content:"/give/was001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_02; reference:url, urlhaus.abuse.ch/url/8053/; classtype:trojan-activity;sid:80871153; rev:1;)
# Number of entries: 16768